GitHub is reporting our copy of this package (5.1.2) has a lot of security issues in the dependencies:

For some reason this is not being reported in the Security tab on this project? It might be worth enabling the feature in GitHub (some of those might be easily fixed)?

I've looked through 5.2.0 and it doesn't look to improve it (makes sense as package-lock.json hasn't been updated in 11 months and 5.1.2 and 5.2.0 came out within the last 5 months).