Upgrade dependencies

[gligorkot]

Some of the dependencies within this package are marked with critical and high security issues. We should upgrade the dependencies to eliminate these.

[henhal]

Also struggling to catch up with audit warnings today and serverless-bundle is really making it difficult for me. This package basically isn't updated in years it seems. Is it abandoned?

[gligorkot]

@henhal feel free to use my fork which is PR #375, it has eliminated all of the vulnerable dependencies here.

[henhal]

That's awesome @gligorkot. Pending that PR being managed and a new official release to be made, are you considering making a npm release from your fork so we can use npm install @gligorkot/serverless-bundle, or should we use git+ssh syntax?

[gligorkot]

@henhal I only raised it today, so I'm hoping @jayair or someone from the SST team to help merge it in soon. Last PR I added here got merged within a day or two, I'm hoping it'll be similar again.

So I'd say if you need it urgently, go with the git+ssh for now until we hear back from the maintainers. No plan to push my own version at the moment, unless the maintainers have decided to stop maintaining this project.