I have been getting vulnerabilities reported in glob-parent, an internal dependency of the npm package gulp.
```
High            glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
Package         glob-parent
Patched in      >=5.1.2
Dependency of   gulp [dev]
Path            gulp > glob-watcher > chokidar > glob-parent
```
I have gone through other questions on the same topic as well, but I am unsure whether those approaches will keep the application working as it does now, as I have seen different versions of glob-parent in package-lock.json.
Those suggested using the overrides property in package.json for glob-parent, or adding glob-parent to the resolutions section.
Also, it has been found that this is a false-positive vulnerability which is only reported with npm, not Yarn.
For some reasons, I have to use npm only.
Please suggest a way to get rid of these vulnerabilities without affecting the application.
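
The concern above about different glob-parent versions in package-lock.json can be checked before any override is applied. This added example, which is not part of the original post, lists every installed copy found in a lockfile's `packages` map (lockfileVersion 2 or 3 is assumed) and flags those below 5.1.2; the function names, the sample lockfile and `example-pkg` are constructed for illustration.

```javascript
// "Patched in >=5.1.2" from the audit output quoted in the question.
const PATCHED = [5, 1, 2];

// Parse "x.y.z" into numbers, ignoring any prerelease/build suffix.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map(Number);
}

// True when `version` is strictly lower than `floor` ([major, minor, patch]).
function isBelow(version, floor) {
  const a = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== floor[i]) return (a[i] || 0) < floor[i];
  }
  return false;
}

// Report every installed copy of `name`. `nestedUnder` is the package whose
// node_modules folder holds the copy; a "(root)" copy is hoisted and may be
// shared by several dependents.
function findCopies(lock, name) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, meta]) => {
      const parts = path.split('node_modules/').filter(Boolean)
        .map((p) => p.replace(/\/$/, ''));
      return {
        path,
        nestedUnder: parts.length > 1 ? parts[parts.length - 2] : '(root)',
        version: meta.version,
        vulnerable: isBelow(meta.version, PATCHED),
      };
    });
}

// Constructed sample lockfile; versions and example-pkg are illustrative only.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'app' },
    'node_modules/glob-parent': { version: '5.1.2', dev: true },
    'node_modules/chokidar/node_modules/glob-parent': { version: '3.1.0', dev: true },
    'node_modules/example-pkg/node_modules/glob-parent': { version: '6.0.2' },
  },
};

console.table(findCopies(sampleLock, 'glob-parent'));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findCopies`. Copies flagged as vulnerable on a different major version than 5.x are the ones where a forced override is a major-version jump for the package they are nested under, so those are the ones to test after overriding.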