Is Clarity Vulnerable to CVE-2020-7676 in co-relation with AngularJS v1.6.9



Article ID: 280992


Updated On:

Products

  • Clarity PPM On Premise
  • Clarity PPM SaaS

Issue/Introduction

A recent security scan of Clarity reported that Clarity uses AngularJS v1.6.9 and is therefore vulnerable to CVE-2020-7676.

Environment

Clarity 16.1.x, 16.2.x

Resolution

Clarity has taken steps to address these vulnerabilities in AngularJS. The AngularJS library is committed to the Clarity code base, which locks its version, and security patches are applied to that copy as they are identified. Migration of Clarity components out of AngularJS is in progress and will continue until the AngularJS library can be removed entirely.

The version of AngularJS shipped with Clarity is 'v1.6.9.clarity.1'.

Vulnerability scanners match only the upstream portion of the version string (1.6.9) and do not recognise the '.clarity.1' suffix, so a human must inspect the full version to determine whether the Clarity-patched build is in use.

Clarity is migrating its components out of AngularJS to Stencil. Until that work is complete, the patched 'v1.6.9.clarity.1' build carries the upstream code changes for the following vulnerabilities:

  • CVE-2019-10768 - Prototype pollution
  • CVE-2020-7676 - Cross-site scripting (XSS)

Hence, even though the AngularJS version reported by scanners is 1.6.9, the build shipped with Clarity is not vulnerable to these CVEs.
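The check described above can be automated for the human review step. The following is an added example, not code from the Broadcom article or the Clarity product: it parses an AngularJS version string, shows the verdict a prefix-only scanner reaches, and contrasts it with the verdict a reviewer who understands the '.clarity.1' suffix should reach. It assumes that the patched build exposes its version as 'v1.6.9.clarity.1' (for example through `angular.version.full`, a standard AngularJS property), and it uses the upstream fix versions recorded for the two CVEs (AngularJS 1.7.9 for CVE-2019-10768 and 1.8.0 for CVE-2020-7676); neither of those details is stated in the article.

```javascript
// Added example; not part of the Broadcom article or the Clarity code base.
// It classifies an AngularJS version string the way a human reviewer
// should, and contrasts that with a scanner that matches only the
// numeric prefix (the behaviour the article describes).
//
// Assumptions not stated in the article:
//  - the patched build exposes "v1.6.9.clarity.1" as its version string
//    (for example via angular.version.full in the browser console);
//  - the upstream fixes landed in AngularJS 1.7.9 (CVE-2019-10768) and
//    1.8.0 (CVE-2020-7676), as recorded in the NVD entries for the CVEs.

const UPSTREAM_FIXES = {
  'CVE-2019-10768': [1, 7, 9], // prototype pollution via angular.merge
  'CVE-2020-7676': [1, 8, 0],  // XSS via <option> handling in jqLite
};

// Vendor suffixes known to carry backports of the CVEs above.
// 'clarity' is taken from the article; add other vendors here as needed.
const VENDOR_BACKPORTS = {
  clarity: ['CVE-2019-10768', 'CVE-2020-7676'],
};

// Parse "1.6.9", "v1.6.9" or "v1.6.9.clarity.1" into its parts.
function parseAngularVersion(full) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:\.([a-z]+)\.(\d+))?$/i.exec(String(full).trim());
  if (!m) throw new Error(`unrecognised AngularJS version string: ${full}`);
  return {
    upstream: [Number(m[1]), Number(m[2]), Number(m[3])],
    vendor: m[4] ? m[4].toLowerCase() : null,
    vendorPatch: m[5] ? Number(m[5]) : null,
  };
}

// Numeric three-part comparison: true when a < b.
function versionLess(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// What a prefix-only scanner sees: the vendor suffix is discarded, so
// "v1.6.9.clarity.1" is reported exactly like stock "1.6.9".
function scannerVerdict(full) {
  const v = parseAngularVersion(full);
  const verdict = {};
  for (const [cve, fixed] of Object.entries(UPSTREAM_FIXES)) {
    verdict[cve] = versionLess(v.upstream, fixed) ? 'vulnerable' : 'fixed upstream';
  }
  return verdict;
}

// What the human review should conclude: a vendor suffix with a known
// backport clears the CVE even though the upstream number is below the fix.
function reviewerVerdict(full) {
  const v = parseAngularVersion(full);
  const verdict = {};
  const backports = v.vendor ? (VENDOR_BACKPORTS[v.vendor] || []) : [];
  for (const [cve, fixed] of Object.entries(UPSTREAM_FIXES)) {
    if (!versionLess(v.upstream, fixed)) {
      verdict[cve] = 'fixed upstream';
    } else if (backports.includes(cve)) {
      verdict[cve] = 'patched (vendor backport)';
    } else {
      verdict[cve] = 'vulnerable';
    }
  }
  return verdict;
}

// For use in the Clarity page's browser console, where `angular` is global.
// Guarded so the same file also runs in Node for the constructed cases below.
function checkLoadedAngular() {
  if (typeof angular === 'undefined' || !angular.version) {
    return null; // AngularJS is not loaded on this page
  }
  return { version: angular.version.full, review: reviewerVerdict(angular.version.full) };
}

// Constructed inputs: stock 1.6.9, the Clarity build, and an upstream-fixed release.
for (const sample of ['1.6.9', 'v1.6.9.clarity.1', '1.8.0']) {
  console.log(sample, 'scanner:', scannerVerdict(sample), 'reviewer:', reviewerVerdict(sample));
}
```

To apply it to a live instance, paste the block into the browser console of a logged-in Clarity page and call `checkLoadedAngular()`. If `angular.version.full` reports plain '1.6.9' rather than the suffixed string, the build still may be the patched one; in that case confirm the 'v1.6.9.clarity.1' marker from the header of the bundled AngularJS file served by the instance rather than from the runtime property.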