From 6d7e40d31799ff651f5345a0617265634c2de8de Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Fri, 7 Aug 2020 17:24:56 -0700
Subject: [PATCH] chore: Update update-notifier

Fixes https://github.com/serverless/serverless/issues/7486

Bump update-notifier to the current version to resolve security alerts.
However, don't load in Node.js 6 because the current version is only
supported in Node.js 8 and above. The serverless package will still work
in Node.js 6, but it will not alert people when an upgrade is available.
---
 lib/Serverless.js | 11 +++++++++--
 package.json      |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/Serverless.js b/lib/Serverless.js
index 801b7bc6418e..888ce4ce361a 100644
--- a/lib/Serverless.js
+++ b/lib/Serverless.js
@@ -5,7 +5,11 @@ const BbPromise = require('bluebird');
 const os = require('os');
 const chalk = require('chalk');
 const ensureString = require('type/string/ensure');
-const updateNotifier = require('update-notifier');
+
+// Only load update-notifier in Node.js 8 and above. The version used here may
+// not work in Node.js 6 and the versions that do work result in security
+// alerts.
+const updateNotifier = +process.versions.node.split('.')[0] < 8 ? null : require('update-notifier');
 const pkg = require('../package.json');
 const CLI = require('./classes/CLI');
 const Config = require('./classes/Config');
@@ -79,7 +83,10 @@ class Serverless {
         this.pluginManager.setCliOptions(this.processedInput.options);
         this.pluginManager.setCliCommands(this.processedInput.commands);
 
-        if (!installationMaintananceCommands.has(this.processedInput.commands[0])) {
+        if (
+          updateNotifier &&
+          !installationMaintananceCommands.has(this.processedInput.commands[0])
+        ) {
           // Check if update is available
           const notifier = updateNotifier({ pkg });
           notifier.notify({
diff --git a/package.json b/package.json
index 19496f7e6243..c8f06f154803 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tabtab": "^3.0.2",
     "type": "^2.0.0",
     "untildify": "^3.0.3",
-    "update-notifier": "^2.5.0",
+    "update-notifier": "^4.1.0",
     "uuid": "^3.4.0",
     "write-file-atomic": "^2.4.3",
     "yaml-ast-parser": "0.0.43",