Serverless Stack

Does the team run something like `yarn audit` as part of the build process?  Are there any plans to fix the vm2 vulnerabilities: <https://github.com/advisories/GHSA-6pw2-5hjv-9pf7>?

Hi <@U02BLN4A25N>, we currently aren’t running it as part of the build process right now. But that’s a good suggestion. Let me put that down on our roadmap.

Let me see if I can manually resolve the vm2 vulnerability temporarily.

^^ <https://github.com/serverless-stack/serverless-stack/issues/1367>

<@U02BLN4A25N> dug into this a bit, `vm2` is a dependency of CDK, and the version is pinned to `^3.9.3`. The lock file shows `3.9.6` is being used. So it seems we are not vulnerable to this?