Upgrading to v2.88.1-postman.33 will resolve the tough-cookie vulnerability as a dependency.