Allowable minimist version has critical security advisory

glyphhanger uses minimist ^1.2.5

https://github.com/zachleat/glyphhanger/blob/ef6485b1d84b55234dc13e493cb85676e37dae0b/package.json#L36

1.2.5 has a critical security advisory https://github.com/advisories/GHSA-xvch-5gv4-984h

The vulnerability is patched in minimist 1.2.6


_edit: title had an over-zealous copypaste from spider-pig issue 10_