Those vulnerabilities are only on building tools not the code running in sao.
The main problem is that Javascript we have chosen to build when starting sao are not deprecated as it is too often the case in Javascript world. That’s why we plan to reduce them with State of the dependencies of the web client