There's currently a node.js vulnerability in the braces package required indirectly by stylelint (stylelint > micromatch > braces).
It's fixed by upgrading stylelint to 9.8.0, which requires the micromatch version that first requires the fixed braces.
Affected extensions (per Github alert):
- CodeReview
- Collection
- ContributionTracking