Update update-notifier to resolve got vulnerability CVE-2022-33987

[illandril]

json-server depends on a vulnerable version of got (by way of update-notifier -> latest-version -> package-json -> got).

Updating update-notifier to 6.0.2 would resolve this (but I'm not sure how much else would need to change to allow that upgrade).

[riker09]

Looks like this is going to be a not so easy task. I tried to create a PR for this but then I discovered why the update of the npm package update-notifier from 5.x to 6.x is considered a breaking change. That package is all ESM now (see https://github.com/yeoman/update-notifier/releases/tag/v6.0.0).

I guess I could take a shot at converting json-server to use the new ESM import / from syntax.

---

Source: https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c

[riker09]

Unfortunately it is that time of the year (you know, where people take a break from their work and go on vacations) and I haven't gotten around to tackle this. And I probably won't, looking and the rate that issues and PRs are handled here.

I have discovered something similar that might replace json-server for my project: Mockoon.

[typicode]

Thank you for the PR!