[SOLVED] How to resolve vulnerabilities in meteor-node-stubs and node-fetch

I have a sample system called BowFolios that I maintain for my students. I have just updated it to the latest release of Meteor, and found two “high” vulnerabilities:

Here is my packages file:

Since this is a subdependency, a simple npm audit fix won’t fix it. What should I do?

Fixed it by comparing to the default app created by meteor. Needed to change package.json to:

"meteor-node-stubs": "^1.0.1",

Also discovered that react-addons-pure-render-mixin is not needed, so I simply deleted that package.