Security advisory alert (moderate severity) for nth-check, a dependency of css-select

[r-wells]

Describe the bug

Security advisory alert (moderate severity) for nth-check, a dependency of css-select

So it looks like it's happening from this little snippet of code in package-lock.json (taken from the current main branch here):

"css-select": {
          "version": "2.1.0",
          "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz",
          "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==",
          "requires": {
            "boolbase": "^1.0.0",
            "css-what": "^3.2.1",
            "domutils": "^1.7.0",
            "nth-check": "^1.0.2"
          }
        }

There are other uses of css-select that are updated to the current version 4.1.3 but this one is still under 2.1.0.

I'm assuming it's a dependency of a dependency of a dependency sort of thing.

But these security alerts are a little annoying/worrying. Can someone just clarify: is this going to affect our app in any way/can we get this updated? After researching it, I really don't think it will, but want to check.

Thanks!

[stale]

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

[gaearon]

#11647 (comment)