Bump ini from 1.3.5 to 1.3.8 (or higher)

[bwalk1020]

Hi. I'd like to use this library for my project. However, I am currently not passing security review, due to the vulnerability of ini 1.3.5, https://ossindex.sonatype.org/component/pkg:npm/ini. Any idea of when this PR, #848 will be merged in? Thanks.

[aFarkas]

I just merged it. Can't you tailor your security review a little bit? The production build of lazysizes has zero dependencies. Meaning there is absolutely no security risk. An outdated version for devDependency has no effect.

[bwalk1020]

Thanks @aFarkas. My security team rep feels better now. However, we will take dev vs prod dependencies into account for the future. Looking forward to using this library in prod!