@clement_garin The article you mentioned is not saying that the vulnerabilities should be light-heartedly ignored, just citing:
As any security professional will tell you, development dependencies actually are an attack vector, and perhaps one of the most dangerous ones because it’s so hard to detect and the code runs with high trust assumptions. This is why the situation is so bad in particular: any real issue gets buried below dozens of non-issues that npm audit is training people and maintainers to ignore. It’s only a matter of time until this happens.
Especially when Atlassian itself demands that Forge developers do security audits, see Removal of Dependency Deprecation Warnings in Forge CLI - #5 by OndejMedek