.nsprc

{
  "GHSA-f5x3-32g6-xq36": "tar - devDependency, used in sass pipeline, no risk given our usage",
  "GHSA-35jh-r3h4-6jhm": "lodash.template - devDependency, used to locally serve markdown, no risk given our usage",
  "GHSA-4gmj-3p3h-gm8h": "es5-ext - no risk given our usage - test coverage should catch",
  "GHSA-67hx-6x53-jw92": "@babel/traverse - devDependency, no risk given our usage",
  "GHSA-j8xg-fqg3-53r7": "word-wrap - devDependency, no risk given our usage",
  "GHSA-c2qf-rxjj-qqgw": "semver - devDependency, no risk given our usage",
  "GHSA-7fh5-64p2-3v2j": "postcss - devDependency, no risk given our usage",
  "GHSA-rp65-9cf3-cjxr": "nth-check - devDependency, no risk given our usage",
  "GHSA-p8p7-x288-28g6": "request: devDependency, no risk given our usage",
  "GHSA-72xf-g2v4-qvf3": "tough-cookie: devDependency, no risk given our usage",
  "GHSA-grv7-fg5c-xmjg": "devDependency, should be no risk, but if we did hit an issue it would just result in long build we might have to kill and fix.",
  "GHSA-952p-6rrq-rcjv": "micromatch: used by stylelint, no risk given our usage",
  "GHSA-gcx4-mw62-g8wm": "rollup - we don't use import.meta.url to inject scripts dynamically, so we should be ok",
  "GHSA-3h5v-q93c-6h6q": "backstopjs - won't impact us I think, and we can't upgrade past at the moment because of flakey tests.",
  "GHSA-pxg6-pf52-xh8x": "cookie - this is transitive dep of express, which we just use locally and don't use to set cookies.",
  "GHSA-3xgq-45jj-v275": "cross-spawn - devDependency, no risk given our usage",
  "GHSA-mwcw-c2x4-8c55": "nanoid - devDependency, no risk given our usage",
  "GHSA-rhx6-c78j-4q9w": "path-to-regexp - devDependency, no risk given our usage"
}