
Dependabot alerts on dependencies #159

Closed
apiology opened this issue Jul 8, 2022 · 2 comments
apiology commented Jul 8, 2022

Hi!

Some of the dependencies of alfy and friends seem to be a bit old, resulting in some dependabot alerts in my projects which use it:

  • alfy@1.0.0 requires plist@^2.0.1 (which has a "critical" security flaw) via a transitive dependency on {alfred-link@0.3.1,alfred-notifier@0.2.3}.
  • alfy@1.0.0 requires got@^6.7.1 (which has a "moderate" security flaw) via a transitive dependency on package-json@4.0.1.
  • alfy@1.0.0 requires got@^12.0.3 (which has a "moderate" security flaw).

I doubt these dependencies are taking in direct user input or anything, but the alerts create noise which could hide real issues, so it'd be nice to get rid of them.

I'm using this workaround in my package.json to allow newer versions of those items and things seem to work just fine - I tested an npm install and verified the workflow installed into Alfred looked and worked fine and the dependabot alerts went away:

```json
  "resolutions": {
    "alfy/**/plist": "^3.0.5",
    "alfy/**/got": "^12.1.0"
  },
```

Would you be open to PRs to address? Happy to push something up, but certainly don't wait on me if you agree.
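The workaround above pins a floor for transitive dependencies, but Dependabot and the lockfile are the only things that tell you whether the override actually reached every nested copy of `plist` and `got`. The following script is an added example, not code from this issue or from the alfy project: it walks an npm lockfile (lockfileVersion 2 or 3, where `packages` is keyed by install path, so nested duplicates show up as separate entries) and reports every installed copy that is still below the version you expect. The lockfile, package names, versions and function names in it are constructed for illustration.

```javascript
'use strict';

// Constructed lockfile fragment in npm's lockfileVersion 2/3 shape (not a
// real lockfile from this project). "got" has been hoisted and upgraded,
// but one nested copy of "plist" under alfy is still on the old line.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-workflow', dependencies: { alfy: '^1.0.0' } },
    'node_modules/alfy': { version: '1.0.0' },
    'node_modules/got': { version: '12.1.0' },
    'node_modules/alfy/node_modules/plist': { version: '2.0.1' },
    'node_modules/alfred-notifier/node_modules/plist': { version: '3.0.5' },
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release and build suffixes
// are ignored, which is good enough for a floor check on release versions.
function parseVersion(v) {
  const core = String(v).split(/[-+]/)[0];
  const parts = core.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unsupported version string: ${v}`);
  }
  return parts;
}

// True when version a is greater than or equal to version b.
function atLeast(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] > y[i];
  }
  return true;
}

// Every installed copy of `name` in the lockfile, as { path, version }.
// The package name is whatever follows the last "node_modules/" segment,
// which also handles scoped packages such as "@scope/name".
function installedCopies(lock, name) {
  const copies = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue;
    const pkgName = path.slice(idx + 'node_modules/'.length);
    if (pkgName === name && entry.version) {
      copies.push({ path, version: entry.version });
    }
  }
  return copies;
}

// Compare each installed copy against the floor the override is meant to
// enforce; returns the copies that are still below it (empty means clean).
function findStaleCopies(lock, floors) {
  const stale = [];
  for (const [name, min] of Object.entries(floors)) {
    for (const copy of installedCopies(lock, name)) {
      if (!atLeast(copy.version, min)) {
        stale.push({ name, path: copy.path, version: copy.version, required: min });
      }
    }
  }
  return stale;
}

// Load a real package-lock.json from disk (hypothetical helper; the demo
// below stays offline and uses SAMPLE_LOCK instead).
function loadLock(file) {
  return JSON.parse(require('fs').readFileSync(file, 'utf8'));
}

const FLOORS = { plist: '3.0.5', got: '12.1.0' };
for (const s of findStaleCopies(SAMPLE_LOCK, FLOORS)) {
  console.log(`${s.path}: installed ${s.version}, expected >= ${s.required}`);
}
```

Run it against your own project by replacing `SAMPLE_LOCK` with `loadLock('package-lock.json')`; an empty result means no stale nested copy survived the override, which is the same condition Dependabot evaluates when it decides whether an alert can be closed.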

sindresorhus (Owner) commented:

> via a transitive dependency on {alfred-link@0.3.1,alfred-notifier@0.2.3}.

I would recommend trying to fix this at the source, meaning submitting a pull request to alfred-link and alfred-notifier.

apiology (Author) commented:

My mistake.
