github programatically flagged maptable to have a vulnerability in qs but that actually rolls up to browser-sync:

Packet-Clearing-House/maptable

Known moderate severity security vulnerability detected in qs < 1.0.0 defined in package-lock.json. package-lock.json update suggested: qs ~> 1.0.0.

Fix is to update browser-sync to require 2.24.4 in package.json

Note - that this only affects developers of MapTable and not end users or servers hosting copies of the MapTable JS library