Is npm-audit reporting a spurious vulnerability or is npm-ls lying to me?

Question

So I\'m working on an angular project; npm audit currently reports some vulnerabilities with the ini package (listed here: https://github.com/angul