NPM Audit shows there is a low level vulnerability in clean-css that is patched in >= 4.1.11.
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Regular Expression Denial of Service
Package clean-css
Patched in >=4.1.11
Dependency of ember-cli [dev]
broccoli-clean-css > clean-css-promise > clean-css
More info https://npmjs.com/advisories/785
Running NPM list clean-css shows the following result:
+-- clean-css@4.2.3
`-- ember-cli@3.16.0
  `-- ember-cli-preprocess-registry@3.3.0
    `-- broccoli-clean-css@1.1.0
      `-- clean-css-promise@0.1.1
        `-- clean-css@3.4.28
How do I update this package?
Diagnostics:
Running npm audit fix does not work.
Running npm outdated does not work because there are no results.
Running the following does not work:
ncu -u
npm update
npm install
Running the following does not work:
npm update --save-dev clean-css-promise
npm update --save-dev broccoli-clean-css
npm update --save-dev clean-css-promise
npm install
So there may be nothing you can do about it; you're at the mercy of your dependencies' dependencies.
You can only update the ones you're in control of, which in this case is ember-cli. If you can't update that, or are at the most updated version, then you're stuck waiting on other package maintainers to fix it in their dependencies (and ember-cli is stuck waiting if they need those packages, and so on down the tree).
In the meantime, chill as one of the comments suggested.
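To see which copy of a package is actually flagged and which direct dependency owns it, the tree can be walked programmatically. The following is an added example, not code from the question or the answer; the sample tree is constructed to mirror the npm list output above (normally it would come from `npm ls clean-css --json`), and the project name and function names are hypothetical.

```javascript
// Added example: find copies of a package older than the patched version in
// `npm ls --json` style output and name the direct dependency that pulls each in.

// Constructed sample mirroring the tree in the question.
const tree = {
  name: "my-app", // hypothetical project name
  dependencies: {
    "clean-css": { version: "4.2.3" },
    "ember-cli": { version: "3.16.0", dependencies: {
      "ember-cli-preprocess-registry": { version: "3.3.0", dependencies: {
        "broccoli-clean-css": { version: "1.1.0", dependencies: {
          "clean-css-promise": { version: "0.1.1", dependencies: {
            "clean-css": { version: "3.4.28" } } } } } } } } },
  },
};

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the tree and collect every copy of `pkg` older than `patched`.
function findVulnerable(node, pkg, patched, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === pkg && dep.version && compareVersions(dep.version, patched) < 0) {
      hits.push({ path: here, direct: here[0], fixableHere: here.length === 1 });
    }
    hits.push(...findVulnerable(dep, pkg, patched, here));
  }
  return hits;
}

const findings = findVulnerable(tree, "clean-css", "4.1.11");
for (const f of findings) {
  console.log(f.path.join(" > "));
  console.log(f.fixableHere
    ? "  direct dependency: update it in package.json"
    : `  transitive: the fix has to arrive through ${f.direct}`);
}
```

On the sample tree, the top-level clean-css@4.2.3 is not reported; only the 3.4.28 copy nested under ember-cli is.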