Our vulnerability detection tool lists sequelize as vulnerable for semver library

Our vulnerability detection tool lists sequelize as vulnerable for semver library



npm ls semver --production 

└─┬ sequelize@6.32.0
  └── semver@7.5.1

Can you please shed light?