Is this project still in active development? Lots of vunerabilities.

[VayneValerius]

I'm currently looking at fixing CVE issues across a number of libraries and apps in my place of work.
One of the major blockers I am having is with filemanager. When running npm audit --omit=dev I am returned with this list, all of which are contained within filemanager itself.

cookiejar  <2.1.4
Severity: moderate
cookiejar Regular Expression Denial of Service via Cookie.parse function - https://github.com/advisories/GHSA-h452-7996-h45h
fix available via `npm audit fix`
node_modules/cookiejar

extend  3.0.0 - 3.0.1
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/extend

formidable  <3.2.4
Severity: critical
Formidable arbitrary file upload - https://github.com/advisories/GHSA-8cp3-66vr-3r4c
No fix available
node_modules/formidable
  superagent  0.4.0 - 8.1.2
  Depends on vulnerable versions of formidable
  node_modules/superagent
    @opuscapita/react-filemanager  *
    Depends on vulnerable versions of superagent
    node_modules/@opuscapita/react-filemanager

lodash-es  <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix`
node_modules/lodash-es

I'm more than happy to make a pull request with relevant fixes, but would like to know if its worth doing or whether I should fork the project. Thanks.