Browser-sync: Braces has low severity vulnerability in versions < 2.3.1

Issue details

NPM Audit returns a low severity vulnerability in the braces dependency.
NPM says the vulnerability is fixed in braces >=2.3.1

Steps to reproduce/test case

npm install browser-sync

npm audit

returns:

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ browser-sync [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ browser-sync > micromatch > braces                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/786                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 12773 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Please specify which version of Browsersync, node and npm you're running

• Browsersync [ 2.26.3 ]
• Node [ 10.15.1 ]
• Npm [ 6.8.0 ]

Affected platforms

• [ ] linux
• [ ] windows
• [x] OS X
• [ ] freebsd
• [ ] solaris
• [ ] other _(please specify which)_

Browsersync use-case

• [ ] API
• [ ] Gulp
• [ ] Grunt
• [ ] CLI

If CLI, please paste the entire command below

not affected

for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync

not affected