RedHat has issued an advisory today (January 23):
The issue is fixed upstream in 1.2.6.
Mageia 8 is also affected.
Fixed upstream in 1.2.6
This is something hardly touched (the current version is 2y old), no evident packager, so assigning globally.
The updated package fixes a security vulnerability:
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). (CVE-2021-44906)
Updated package in core/updates_testing:
Fixed upstream in 1.2.6 =>
MGA8-64 MATE on Aver Aspire 5253
No installation issues
Validating. Advisory in Comment 2.
An update for this issue has been pushed to the Mageia Updates repository.