Hi Folks,
Node-pre-gyp uses RC, which in turn is using an out of date ini version with a high severity prototype pollution vulnerability: https://app.snyk.io/vuln/SNYK-JS-INI-1048974
It looks like RC hasn't been updated in some time and it's already been a few weeks (granted there were holidays), so I'm escalating the issue here in case folks can help. See RC issue 120 and RC resolved but unmerged PR 121.
A quick review does seem to show that Dominic was responsive in the past re minimist? (See RC pull 114 and RC pull 115; cf. #493)
Thanks