Version 10.20.1 is shown as vulnerable: 202003-48 [N] [local, remote] Node.js: Multiple vulnerabilities ( net-libs/nodejs-10.20.1 )
Package was marked as vulnerable because have no way to target multiple branches (package needs a at least subslots). There is not much we can do here: We could only ditch the GLSA which will cause that people only updating based on GLSA to not get the NodeJS upgrade. But given that we are now (6 months after the report) at >=12.18 stable, I would keep GLSA and close bug as obsolete.