naugtur / npm-audit-resolver

Apache License 2.0

Resolved issue with new ID? #72

Closed stevendarby closed 1 year ago

stevendarby commented 1 year ago

We're using: npm-audit-resolver 3.0.0-RC.0 npm 7.21.1 node 16.20.1

We have this entry (among others) in our audit-resolve.json:

"1092310|@angular/localize>@babel/core>semver": {
  "decision": "ignore",
  "madeAt": 1687523635078,
  "expiresAt": 1693004400000
}

Today we see this:

[moderate] semver: semver vulnerable to Regular Expression Denial of Service (1092413)
  @angular/localize>@babel/core>semver

The path is the one we've ignored, except for the ID. Does this suggest a new issue? Looking at issues for semver, I don't think any new ones have been raised recently, beyond the one we've already ignored? Would greatly appreciate some help understanding what is happening here. Is there a genuine new issue or is a different ID somehow being generated, meaning it can't match the issue with the one in the audit-resolve.json?
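An added example, not part of this issue or of npm-audit-resolver, that parses the audit-resolve.json entry and the audit output quoted above and flags the situation described here: an ignored path reappearing under a different advisory ID, which a reviewer should look at rather than have it silently fail or silently pass. The `advisoryId|path` key format and the two-line finding format are assumed from the fragments in this issue.

```python
import json
import re

# Constructed sample: the audit-resolve.json entry quoted in this issue.
AUDIT_RESOLVE = json.loads("""{
  "1092310|@angular/localize>@babel/core>semver": {
    "decision": "ignore",
    "madeAt": 1687523635078,
    "expiresAt": 1693004400000
  }
}""")

# Constructed sample: the finding printed by the audit run quoted in this issue.
AUDIT_OUTPUT = """[moderate] semver: semver vulnerable to Regular Expression Denial of Service (1092413)
  @angular/localize>@babel/core>semver
"""

# "[severity] title (advisoryId)" followed by an indented dependency path line.
FINDING_RE = re.compile(r"^\[(\w+)\] (.+?) \((\d+)\)\n\s+(\S+)", re.MULTILINE)


def parse_findings(text):
    """Return (advisory_id, path) pairs from the audit output text."""
    return [(m.group(3), m.group(4)) for m in FINDING_RE.finditer(text)]


def parse_resolutions(resolve):
    """Map (advisory_id, path) -> decision record, splitting the assumed 'id|path' key."""
    out = {}
    for key, rec in resolve.items():
        advisory_id, path = key.split("|", 1)
        out[(advisory_id, path)] = rec
    return out


def triage(findings, resolutions, now_ms):
    """Classify each finding as 'ignored', 'expired', 'id-changed' or 'new'."""
    paths_with_decisions = {path for (_, path) in resolutions}
    result = {}
    for advisory_id, path in findings:
        rec = resolutions.get((advisory_id, path))
        if rec is not None and rec.get("decision") == "ignore":
            # Exact match on ID and path: honoured only while the ignore is still valid.
            status = "ignored" if rec.get("expiresAt", float("inf")) > now_ms else "expired"
        elif path in paths_with_decisions:
            # Same dependency path, different advisory ID: re-review instead of guessing.
            status = "id-changed"
        else:
            status = "new"
        result[(advisory_id, path)] = status
    return result
```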

stevendarby commented 1 year ago

Hmm, may have found a clue. Looking at our CI history, this started failing on Friday, which corresponds to an update to the GitHub advisory:

https://github.com/github/advisory-database/commits/main/advisories/github-reviewed/2023/06/GHSA-c2qf-rxjj-qqgw/GHSA-c2qf-rxjj-qqgw.json

Could such an update mean you generate a different ID? If so, is there a way to make it less sensitive to such changes?

stevendarby commented 1 year ago

Probably a duplicate of https://github.com/naugtur/npm-audit-resolver/issues/56