There's currently a security vulnerability flagged by yarn audit, which is triggered by the postcss requirement of one of your direct dependencies, svg-baker. It doesn't look like that package has had any activity in a while, and there's an open issue against it since September 23, so it doesn't look there's going to be an update any time soon. Is there any chance the svg-baker depedency can be replaced by something that doesn't pull the affected postcss version?
There's currently a security vulnerability flagged by yarn audit, which is triggered by the postcss requirement of one of your direct dependencies, svg-baker. It doesn't look like that package has had any activity in a while, and there's an open issue against it since September 23, so it doesn't look there's going to be an update any time soon. Is there any chance the svg-baker depedency can be replaced by something that doesn't pull the affected postcss version?
postcss <7.0.36 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5