notifme / notifme-sdk

A Node.js library to send all kinds of transactional notifications.

Home Page:https://notifme.github.io/www/


node-forge Prototype Pollution vulnerability

flo-sch opened this issue · comments

This package has a dependency on node-pushnotifications@1.4.1, which has an upstream vulnerability in node-forge: https://www.npmjs.com/advisories/1561

The vulnerability has been fixed upstream by node-pushnotifications@1.4.3 (the latest release being node-pushnotifications@1.5.0).

Would it be possible to release a new version of this package bumping that dependency, to fix this vulnerability issue?

I have no experience with that dependency myself, but it is not a major release so I am expecting such a bump to be straightforward...?

commented

Any update on this? Any issues in merging the suggested PR, #84?

I am not quite certain this package is still actively maintained to be honest. That would be sad since I do not know a lot of alternatives, but this is the Open Source life 🤷‍♂