This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Bump [email protected] or sass-graph@^4.0.1. Vulnerability in node-sass > sass-graph > scss-tokenizer #3293

Closed
TarasIrisCRM opened this issue Sep 1, 2022 · 1 comment · Fixed by #3292

Comments

TarasIrisCRM commented Sep 1, 2022

  • NPM version (npm -v): 8.5.5
  • Node version (node -v): v16.16.0
  • Node Process (node -p process.versions):
    {
    node: '16.16.0',
    v8: '9.4.146.24-node.21',
    uv: '1.43.0',
    zlib: '1.2.11',
    brotli: '1.0.9',
    ares: '1.18.1',
    modules: '93',
    nghttp2: '1.47.0',
    napi: '8',
    llhttp: '6.0.7',
    openssl: '1.1.1q+quic',
    cldr: '40.0',
    icu: '70.1',
    tz: '2021a3',
    unicode: '14.0',
    ngtcp2: '0.1.0-DEV',
    nghttp3: '0.1.0-DEV'
    }
  • Node Platform (node -p process.platform): linux
  • Node architecture (node -p process.arch): x64
  • node-sass version (node -p "require('node-sass').info"):
    node-sass 7.0.1 (Wrapper) [JavaScript]
    libsass 3.5.5 (Sass Compiler) [C/C++]
  • npm node-sass versions (npm ls node-sass):
    +-- [email protected]
    ++-- [email protected]
    +++-- [email protected] deduped

There is the following dependency tree:
─┬ [email protected]
│ └┬ [email protected]
│ │└─ [email protected]

The [email protected] has the following vulnerability issues:
GHSA-7mwh-4pqv-wmr8
https://security.snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884

Is there a chance that the [email protected] dependency can be updated in order to fix the issue?

Thank you!

@TarasIrisCRM TarasIrisCRM changed the title Bump [email protected] or sass-graph@^4.0.1 Bump [email protected] or sass-graph@^4.0.1. Vulnerability in node-sass > sass-graph > scss-tokenizer Sep 1, 2022
@github-sj

Can somebody please provide an ETA on when this can be done?
