Security vulnerability in version 4.1.1 of "npm-run-all"

[Funomena-Michael]

We ran an "npm audit" on our project and ran into a security vulnerability alert. It was tied to version 4.1.1 of npm-run-all which is included in the starter package.json file.

Here's the report:

=== npm audit security report ===


                                Manual Review
            Some vulnerabilities require your attention to resolve

         Visit https://go.npm.me/audit-guide for additional guidance


 Critical        Malicious Package

 Package         flatmap-stream

 Patched in      No patch available

 Dependency of   npm-run-all [dev]

 Path            npm-run-all > ps-tree > event-stream > flatmap-stream

 More info       https://nodesecurity.io/advisories/737

Updating to version 4.1.5 of "npm-run-all" resolves the issue.