diff --git a/node_modules/ini/ini.js b/node_modules/ini/ini.js
index 590195dd31478..040125886aa94 100644
--- a/node_modules/ini/ini.js
+++ b/node_modules/ini/ini.js
@@ -80,6 +80,12 @@ function decode (str) {
     if (!match) return
     if (match[1] !== undefined) {
       section = unsafe(match[1])
+      if (section === '__proto__') {
+        // not allowed
+        // keep parsing the section, but don't attach it.
+        p = {}
+        return
+      }
       p = out[section] = out[section] || {}
       return
     }
@@ -94,6 +100,7 @@ function decode (str) {
     // Convert keys with '[]' suffix to an array
     if (key.length > 2 && key.slice(-2) === '[]') {
       key = key.substring(0, key.length - 2)
+      if (key === '__proto__') return
       if (!p[key]) {
         p[key] = []
       } else if (!Array.isArray(p[key])) {
@@ -125,6 +132,7 @@ function decode (str) {
     var l = parts.pop()
     var nl = l.replace(/\\\./g, '.')
     parts.forEach(function (part, _, __) {
+      if (part === '__proto__') return
       if (!p[part] || typeof p[part] !== 'object') p[part] = {}
       p = p[part]
     })
diff --git a/node_modules/ini/package.json b/node_modules/ini/package.json
index 269bc158dd3ab..c23bc875dd12e 100644
--- a/node_modules/ini/package.json
+++ b/node_modules/ini/package.json
@@ -2,7 +2,7 @@
   "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",
   "name": "ini",
   "description": "An ini encoder/decoder for node",
-  "version": "1.3.5",
+  "version": "1.3.6",
   "repository": {
     "type": "git",
     "url": "git://github.com/isaacs/ini.git"
@@ -13,7 +13,7 @@
     "test": "tap test/*.js --100 -J",
     "preversion": "npm test",
     "postversion": "npm publish",
-    "postpublish": "git push origin --all; git push origin --tags"
+    "prepublishOnly": "git push origin --follow-tags"
   },
   "engines": {
     "node": "*"
diff --git a/package-lock.json b/package-lock.json
index 55105058232b3..c48ffbf3c644d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -270,7 +270,7 @@
         "graceful-fs": "^4.2.3",
         "hosted-git-info": "^3.0.6",
         "inherits": "^2.0.4",
-        "ini": "^1.3.5",
+        "ini": "^1.3.6",
         "init-package-json": "^2.0.1",
         "is-cidr": "^4.0.2",
         "leven": "^3.1.0",
@@ -3225,9 +3225,10 @@
       "license": "ISC"
     },
     "node_modules/ini": {
-      "version": "1.3.5",
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.6.tgz",
+      "integrity": "sha512-IZUoxEjNjubzrmvzZU4lKP7OnYmX72XRl3sqkfJhBKweKi5rnGi5+IUdlj/H1M+Ip5JQ1WzaDMOBRY90Ajc5jg==",
       "inBundle": true,
-      "license": "ISC",
       "engines": {
         "node": "*"
       }
@@ -11280,7 +11281,9 @@
       "version": "2.0.4"
     },
     "ini": {
-      "version": "1.3.5"
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.6.tgz",
+      "integrity": "sha512-IZUoxEjNjubzrmvzZU4lKP7OnYmX72XRl3sqkfJhBKweKi5rnGi5+IUdlj/H1M+Ip5JQ1WzaDMOBRY90Ajc5jg=="
     },
     "init-package-json": {
       "version": "2.0.1",
diff --git a/package.json b/package.json
index dab2d07a02f67..36e5bcdac2b05 100644
--- a/package.json
+++ b/package.json
@@ -64,7 +64,7 @@
     "graceful-fs": "^4.2.3",
     "hosted-git-info": "^3.0.6",
     "inherits": "^2.0.4",
-    "ini": "^1.3.5",
+    "ini": "^1.3.6",
     "init-package-json": "^2.0.1",
     "is-cidr": "^4.0.2",
     "leven": "^3.1.0",