There is a security vulnerability in the package.json, due to an older version of semver. This module is transitively dependent on it:

"@salesforce/eslint-config-lwc": "^3.2.3"

It should be upgraded to the most recent version, or removed altogether.

GHSA-c2qf-rxjj-qqgw