ini 1.3.5 dependency has prototype pollution

[adityapant1286]

There is low-level vulnerability for ini 1.3.5 dependency. Unfortunately, this version has seen the end of life and the current version is 2.0.0. Is it possible to update the dependency to the latest version?

[stieben]

This looks like a duplicate of #26.

[phated]

The caret (^) in the semver range actually means you will already get that bugfix patch! You just need to remove your lockfile and reinstall your dependencies.