NPM complaining about this old version of diff

[j1000]

snapshot/package-lock.json

Lines 2114 to 2115 in 2678cd2

	"diff": {
	"version": "1.4.0",

I'm relatively new to NPM but I believe it's complaining about a "high" vulnerability with this dependency.

                       === npm audit security report ===                        


                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           


  High            Regular Expression Denial of Service                          

  Package         diff                                                          

  Patched in      >= 3.5.0                                                      

  Dependency of   @cypress/snapshot [dev]                                       

  Path            @cypress/snapshot > snap-shot-compare > disparity > diff      

  More info       https://npmjs.com/advisories/1631                             

found 1 high severity vulnerability in 558 scanned packages
  1 vulnerability requires manual review. See the full report for details.

[egrubbs]

PR #125

[eltonlauhk01]

PR #125

the PR is merged, but it's not publish to https://www.npmjs.com/package/@cypress/snapshot yet