nicolo-ribaudo / chokidar-2

A wrapper around chokidar@2 to be able to specify both @2 and @3 as dependencies

glob-parent CVE #3

Closed stefan-squareweave closed 3 years ago

stefan-squareweave commented 3 years ago

There's a new CVE open on glob-parent < 5.1.2. This package depends on ^3.1.0 currently and so it gets flagged by npm audit and the like.

This issue would be to update the semver matcher to include the 5.1.x series.

nicolo-ribaudo commented 3 years ago

I assume you are using a Node.js version higher than 6. In that case the CVE doesn't affect you and you can safely ignore the warning: in Node.js >= 8, Babel doesn't use this package but uses chokidar@3 directly.

If you are still using Node.js 6, I highly recommend updating to a more recent Node.js version.

nicolo-ribaudo commented 3 years ago

I'm closing this in favour of #5, since there is more discussion there.