move dep to open source serverless

[dan-greene-brivo]

Moving package.json dependency to osls from serverless as serverless v3 is not really supported anymore and osls will receive security vulnerability updates. Also added @types/lodash as it needed it to build (don't know how/why it wasn't already there)

[mnapoli]

This only changes the dev dependencies and not the peerDependencies. I'm not sure if we should change both or if it could cause issues with some people 🤔

[dan-greene-brivo]

This only changes the dev dependencies and not the peerDependencies. I'm not sure if we should change both or if it could cause issues with some people 🤔

Good catch - I'll update the peerDependency as well - unfortunately- I think there's going to be a 'line in the sand' that will be needed to take on official serverless v4 or open source v3. What do you think of putting both in peerDependency and flagging them both as optional via peerDependenciesMeta ?

[mnapoli]

Ohhh TIL about peerDependenciesMeta. That would be ideal.

Can you confirm that my interpretation is correct if we do this:

• serverless v3 or v4 users will install Lift, and it will work and not install osls
• osls users will install Lift, and it will work and not install serverless

?

[dan-greene-brivo]

right - with the setup here, you say "osls" is needed to build lift, but your choice of osls v3, serverless v2,v3,or v4 is needed to run it.