parcel depends on vulnerable versions of node-forge

[nerdoc]

🐛 bug report

when I install parcel/parcel-bundler ('npm install parcel`), I get a npm security warning:

fix available via `npm audit fix --force`
Will install parcel@0.1.0, which is a breaking change
node_modules/parcel-bundler/node_modules/node-forge
node_modules/parcel/node_modules/node-forge
  parcel  1.8.0 - 1.12.4
  Depends on vulnerable versions of node-forge
  node_modules/parcel
  parcel-bundler  >=1.4.0
  Depends on vulnerable versions of node-forge
  node_modules/parcel-bundler

## 🤔 Expected Behavior

Parcel should not depend on vulnerable versions of other libs.

## 💁 Possible Solution

I son't know? Is an update possible?

## 🌍 Your Environment

<!--- Include as many relevant details about the environment you experienced the bug in -->

| Software         | Version(s) |
| ---------------- | ---------- |
| Parcel           | 1.12.4
| Node             | --- v15.2.1 - not used here.
| npm/Yarn         | npm 7.0.8
| Operating System | Linux/Arch

[DeMoorJasper]

#5521

[nerdoc]

Oh, sorry, I just saw that searched only in open issues for node-forge and didn't find it there... My fault.
Duplicate of #5145.

[zackdotcomputer]

It looks like this issue should still be Open since #5521 appears to be still in limbo? It's unmerged and this audit warning is still popping up. Is there something holding up that PR?