Moderate Severity Vulnerability (update-notifier dependency)

[jvanalst]

npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install serverless-offline@5.9.0, which is a breaking change
node_modules/package-json/node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      **node_modules/update-notifier
        serverless-offline  >=5.10.0
        Depends on vulnerable versions of update-notifier
        node_modules/serverless-offline**

5 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

[dnalborczyk]

thank you @jvanalst serverless-offline is a local development plugin, where these kind of "vulnerabilities" usually do not apply. that said, transitive dependencies are updated (or can be updated) by the user themself, as we ship only the package.json (not the package-lock).