Vulnerabilities from old version of dependencies #112

@ryukato

Feature request

There is a vulnerability issue from dot-prop:4.2.0; the details of the issue and the dependency path are as follows.
So I would appreciate it if you update to use the latest version of update-notifier.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ dot-prop                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ docsify-cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ docsify-cli > update-notifier > configstore > dot-prop       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1213                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

What problem does this feature solve?

Resolve the vulnerability issue from dot-prop:4.2.0

What does the proposed API look like?

How should this be implemented in your opinion?

Are you willing to work on this yourself?
