Spoofing attack in swagger-ui-dist #231

@haddigan

Dependabot is reporting a vulnerability in the swagger-ui-dist version used by this package:

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

The swagger-ui-dist package is listed in the greenkeeper ignore section of the package.json for this project. Is it absolutely necessary to continue using this insecure version or is it possible to update to the latest 4.1.3?
