This repository has been archived by the owner on Jan 8, 2023. It is now read-only.

Security audit fails #73

Open
srfrnk opened this issue Dec 12, 2021 · 0 comments

Comments


srfrnk commented Dec 12, 2021

gc-stats is no longer supported and contains 4 vulnerabilities (2 moderate, 2 high)

$ npm audit fix
npm WARN audit fix [email protected] node_modules/gc-stats/node_modules/tar
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/gc-stats
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the gc-stats package.
npm WARN audit fix [email protected] node_modules/gc-stats/node_modules/ini
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/gc-stats
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the gc-stats package.
npm WARN audit fix [email protected] node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/gc-stats
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the gc-stats package.
npm WARN audit fix [email protected] node_modules/gc-stats/node_modules/minimist
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/gc-stats
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the gc-stats package.
npm WARN audit fix [email protected] node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/gc-stats
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the gc-stats package.

up to date, audited 270 packages in 859ms

15 packages are looking for funding
  run `npm fund` for details

# npm audit report

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/ini

minimist  >=1.0.0 <1.2.3 || <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/minimist
node_modules/gc-stats/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/gc-stats/node_modules/mkdirp

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/tar

4 vulnerabilities (2 moderate, 2 high)

To address all issues, run:
  npm audit fix

Comes from dependency prometheus-gc-stats - an issue has been created

What's the best way to make using this secure again?
