I'm submitting a ...

• bug report
• feature request
• support request or question => Please do not submit support request or questions here, see note at the top of this template.

What is the current behavior?

minimist: v1.2.5 brings in a security vulnerability which is currently has no fix. The following dependency chain makes json5 a vulnerable package: json5@1.0.1 › minimist@1.2.5.

What is the expected behavior?

Request for a security fix to make config package free from security vulnerabilities.