I'm having trouble with npm security reporting a low level vulnerability within the babel-cli package - at version 6.26.0.
Everything else works just fine, however this requires a manual review. The package in babel-cli is "braces", and so far I cannot figure out how to force it to update - no matter how many times --save-dev, temporarily clearing the lock file, etc, is used, it stays at current version.
With how widespread babel is, I was curious what others have done to fix this issue.
You need to update your version of babel since it has a transitive dependency on the mentioned package. Manually updating anything won't help until you update the version of babel.
The current version 7 has chokidar 2, which depends on anymatch 2, which depends on micromatch 3.
Hence it is resolved in the latest version and if you do not want to switch to 7, you will need to see which version of babel depends on higher versions of chokidar and anymatch to figure out the exact version to use.
