Getting this vulnerability due to a dependency of clean-publish. Though this problem only matters in devDependencies, I feel it is better to resolve it as much as possible. I also verified that the latest version of yargs does not have this vulnerability.

Is it possible to update the dependency without breaking anything?