Yeah I saw this happen to me as well. Not sure why... When i went through updating my forum though, the
./nodebb upgrade step caught it.
I've since published 1.1.0 which upgrades the dependencies to something more recent, and less vulnerable. Apparently
npm audit caught it but snyk didn't...