dot-prop 4.2.0 installs with nodejs 14 creating security issue

[dominopetter]

Version: v14.7.0
Platform: Linux 359fde9c186f 5.3.0-1019-aws #21~18.04.1-Ubuntu SMP Mon May 11 12:33:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: dot-prop

What steps will reproduce the bug?

curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt-get install -y nodejs

Installs dot-prop 4.2.0 in /usr/lib/node_modules/npm/node_modules/dot-prop
https://www.npmjs.com/advisories/1213

How often does it reproduce? Is there a required condition?

Every time nodejs installs

What is the expected behavior?

dot-prop >=5.1.1 should install

[bnoordhuis]

The .deb isn't maintained by us, but by nodesource. What's more, npm isn't maintained by us either, only distributed. It's its own project. Can you report your issue over at https://npm.community/? Thanks.

[marijus-ravickas]

@bnoordhuis
Seems like issue is solved in version 6.14.8.
npm/cli#1682 (comment)
Will it be included in to next release or some minor patching will be done? Node version 12 is also affected by the issue.