Hubspot CLI 4.1.6 depends on a vulnerable version of update-notifier (due to an indirect dependency on a vulnerable version of got in the dependency tree), as seen here: GHSA-pfrx-2q88-qq97
This downstream vulnerability is fixed in version 6.0.1 of update-notifier.
Steps to reproduce
Running npm audit flags this vulnerability.
```
# npm audit report
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/package-json/node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
@hubspot/cli *
Depends on vulnerable versions of update-notifier
node_modules/@hubspot/cli
```
Expected behavior
No vulnerabilities found.
Who to Notify
@seanjohnston-codurance
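As an added example (not code from this issue or from the HubSpot CLI project), the following Node script reconstructs the chain that `npm audit` prints above directly from a lockfile: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3), resolves each dependency the way Node's module lookup does, and reports every path from the project root to a copy of `got` below the fixed 11.8.5. The lockfile it runs on is a constructed, abbreviated one embedded inline; the package names and versions mirror the audit output, and the hoisted `got` is set to 11.8.5 so the nested copy is the only finding.

```javascript
// Added example (not from the issue or the HubSpot CLI project): walk an npm lockfile's
// "packages" map (lockfileVersion 2/3) and report every chain ending in `got` below 11.8.5.
const VULN_PKG = 'got';
const FIXED_IN = [11, 8, 5]; // advisory range is "<11.8.5", so 11.8.5 itself is clean
function parseVersion(v) { // numeric major.minor.patch; a prerelease tag is ignored here
  return v.split('.').slice(0, 3).map((part) => parseInt(part, 10) || 0);
}
function isVulnerable(version) {
  const a = parseVersion(version);
  for (let i = 0; i < 3; i++) if (a[i] !== FIXED_IN[i]) return a[i] < FIXED_IN[i];
  return false;
}
// Constructed lockfile mirroring the audit tree above; only the `got` nested under package-json is affected.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'example-project', dependencies: { '@hubspot/cli': '4.1.6' } },
    'node_modules/@hubspot/cli': { version: '4.1.6', dependencies: { 'update-notifier': '^5.1.0' } },
    'node_modules/update-notifier': { version: '5.1.0', dependencies: { 'latest-version': '^5.1.0' } },
    'node_modules/latest-version': { version: '5.1.0', dependencies: { 'package-json': '^6.5.0' } },
    'node_modules/package-json': { version: '6.5.0', dependencies: { got: '^9.6.0' } },
    'node_modules/package-json/node_modules/got': { version: '9.6.0' },
    'node_modules/got': { version: '11.8.5' },
  },
};
// Lockfile path that `dep` resolves to from the package at `fromPath`: nearest node_modules
// first, then each enclosing one, the same lookup order Node's require() uses.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = `${base ? base + '/' : ''}node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not installed (e.g. an optional dependency)
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}
function findVulnerableChains(lock) { // depth-first from the root; chains of "name@version"
  const { packages } = lock;
  const hits = [];
  const walk = (path, chain, seen) => {
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const target = resolveDep(packages, path, dep);
      if (!target || seen.has(target)) continue; // unresolved dependency or a cycle
      const next = [...chain, `${dep}@${packages[target].version}`];
      if (dep !== VULN_PKG) walk(target, next, new Set(seen).add(target));
      else if (isVulnerable(packages[target].version)) hits.push(next);
    }
  };
  walk('', [], new Set(['']));
  return hits;
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the same walk works for any package name and fixed version by changing `VULN_PKG` and `FIXED_IN`.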