  High            Denial of Service    
  Package         css-what    
  Patched in      >=5.0.1    
  Dependency of   laravel-mix [dev]    
  Path            laravel-mix > cssnano > cssnano-preset-default >
                  postcss-svgo > svgo > css-select > css-what

This is what npm audit indicates. npm update or npm audit fix does not fix this, and it needs manual work. If I use npm audit fix --force, it returns the following warning:

@vue/compiler-sfc@3.1.2 requires a peer of vue@3.1.2 but none is installed. You must install peer dependencies yourself.

In this condition, if I run npm run dev, it shows two warnings saying that webpack compiled with 2 warnings:

WARNING in ./node_modules/prismjs/components/index.js 42:23-54
Critical dependency: the request of a dependency is an expression
WARNING in ./node_modules/prismjs/components/index.js 45:2-25
Critical dependency: the request of a dependency is an expression

My package.json:

{
    "devDependencies": {
        "@fortawesome/fontawesome-svg-core": "^1.2.35",
        "@fortawesome/free-solid-svg-icons": "^5.15.3",
        "@vue/compiler-sfc": "^3.1.2",
        "autosize": "^5.0.0",
        "axios": "^0.21",
        "bootstrap": "^4.6.0",
        "install": "^0.13.0",
        "jquery": "^3.2",
        "laravel-mix": "^6.0.24",
        "lodash": "^4.17.19",
        "markdown-it": "^8.4.2",
        "markdown-it-prism": "^2.1.6",
        "popper.js": "^1.12",
        "postcss": "^8.3.5",
        "resolve-url-loader": "^4.0.0",
        "sass": "^1.35.1",
        "sass-loader": "^8.0.0",
        "typescript": "^4.3.4",
        "vue": "^2.5.17",
        "vue-izitoast": "^1.2.1",
        "vue-loader": "^15.9.7",
        "vue-template-compiler": "^2.6.10"
    },
    "dependencies": {
        "prismjs": "^1.23.0"
    }
}

Update after 6-26-2021

Currently my npm audit report:

# npm audit report

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install laravel-mix@5.0.9, which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    svgo  >=1.0.0
    Depends on vulnerable versions of css-select
    node_modules/svgo
      postcss-svgo  >=4.0.0-nightly.2020.1.9
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  *
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  >=4.0.0-nightly.2020.1.9
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            laravel-mix  5.0.8 || >=6.0.0-alpha.0
            Depends on vulnerable versions of cssnano
            node_modules/laravel-mix

and package.json (updated to):

"devDependencies": {
        "@fortawesome/fontawesome-svg-core": "^1.2.35",
        "@fortawesome/free-solid-svg-icons": "^5.15.3",
        "autosize": "^4.0.2",
        "axios": "^0.21",
        "bootstrap": "^4.3.1",
        "cross-env": "^5.2.1",
        "jquery": "^3.4.1",
        "laravel-mix": "^6.0.25",
        "lodash": "^4.17.19",
        "markdown-it": "^8.4.2",
        "markdown-it-prism": "^2.1.6",
        "popper.js": "^1.15.0",
        "postcss": "^8.3.5",
        "resolve-url-loader": "^4.0.0",
        "sass": "^1.35.1",
        "sass-loader": "^8.0.0",
        "typescript": "^4.3.4",
        "vue": "^2.5.17",
        "vue-izitoast": "^1.2.1",
        "vue-loader": "^15.9.7",
        "vue-template-compiler": "^2.6.10"
    }
