https://github.com/dominictarr/event-stream/issues/116
https://www.npmjs.com/advisories/737
Run yarn audit in a project that has @nuxtjs/apollo as a dependency.

flatmap-stream > 0.1.1
flatmap-stream = 0.1.1
https://github.com/dominictarr/event-stream/issues/116
https://www.npmjs.com/advisories/737
I think you have to re-publish the package on npm after the build. Seems that the issue does not exists when checking out the repo and installing. Will try to remove my node_modules in my project and install again...
Update: If you have that issue, remove the whole node_modules and your yarn.lock or package-lock.json and run the install again. After that you should be save.
My advice would still be a bump in version so that would not be neccessary anymore as the given lock files would be updated and the end user only needs to bump the version or do a normal install again.

It's the vue-cli plugin that is affected, not that lib.
However, I've updated the deps on the branch 馃憤