Get Critical vulnerabilities warning while installing it.

[abu-veltra]

(Thanks for reporting an issue! Please, then fill out the blanks below.)

What are the steps to reproduce this issue?

1. Install it via NPM
2. npm i --save-dev serverless-plugin-canary-deployments

What happens?

Got Critical vulnerabilities warning while installing this plugin to my local machine.

What were you expecting to happen?

Install normally.

Any logs, error output, etc?

flat  <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
No fix available
node_modules/serverless-plugin-canary-deployments/node_modules/flat
  serverless-plugin-canary-deployments  *
  Depends on vulnerable versions of flat
  node_modules/serverless-plugin-canary-deployments

Any other comments?

N/A

What versions of software are you using?

Node Version: v18.0.0
NPM Version: 8.6.0

[JaroVDH]

I found this issue while doing my "Are these overrides still required" rounds.
It doesn't look like this package is maintained anymore, so you'll have to override this dependency yourself, ie. add something like this to your package.json:

"overrides": {
	"serverless-plugin-canary-deployments": {
		"flat": "^5.0.2"
	},
}

[khvn26]

Hello there! We bumped a bunch of dependencies, including flat, in our fork and published it to npm.

You can try npm i @flagsmith/serverless-plugin-canary-deployments and tell us what you think!