@angular-devkit/build-angular uses y18n@4.0.0 which has npm vulnerability 1654

We have updated to the latest version of @angular-devkit/build-angular, but are getting a security vulnerability with y18n in owasp dependency checker. https://www.npmjs.com/advisories/1654

├─┬ @angular-devkit/build-angular@0.1102.6
│ ├─┬ webpack@4.44.2
│ │ └─┬ terser-webpack-plugin@1.4.5
│ │ └─┬ cacache@12.0.4
│ │ └── y18n@4.0.0 deduped
│ └─┬ webpack-dev-server@3.11.2
│ └─┬ yargs@13.3.2
│ └── y18n@4.0.0

According to the advisory:
Remediation
Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later

1 possible answer(s) on “@angular-devkit/build-angular uses y18n@4.0.0 which has npm vulnerability 1654

  1. The package lock file is preventing newer versions of the package from being installed. Two options are either to try npm upgrade/yarn upgrade; or delete both the node modules directory and package lock file then re-install.