I've been using the Doks theme in my project and just got the following warning from Dependabot.

@hyas/[email protected] requires [email protected] via a transitive dependency on [email protected]

It links to this vulnerability. Since I don't really know your code base, I thought I'd ask if it's a problem to update semver to >= 7.5.2?