Update npm to resolve 48 vulnerabilities #433

Closed
wants to merge 10 commits into from

Conversation

kinghrothgar
Contributor

@kinghrothgar kinghrothgar commented Jul 2, 2022

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Build-related changes
  • Other, please describe: Security patch

The PR fulfills these requirements:

  • All tests are passing?
  • New/updated tests are included?
  • If any static assets have been updated, has ui/bindata.go been regenerated?
  • Are there doc blocks for functions that I updated/created?

If adding a new feature, the PR's description includes:

  • A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

Other information:

main currently has 48 vulnerabilities (21 moderate, 22 high, 5 critical)
# npm audit report

acorn  6.0.0 - 6.4.0
Severity: high
Regular Expression Denial of Service in Acorn - https://github.com/advisories/GHSA-6chw-6frg-f759
fix available via `npm audit fix`
node_modules/acorn

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/ajv

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  Depends on vulnerable versions of sockjs
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server

ansi-regex  3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@jest/core/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/jest-runtime/node_modules/ansi-regex
node_modules/jest/node_modules/ansi-regex
node_modules/pretty-format/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist

dns-packet  <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet

elliptic  <=6.5.3
Severity: high
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
Signature Malleabillity in elliptic - https://github.com/advisories/GHSA-vh7m-p724-62c2
fix available via `npm audit fix`
node_modules/elliptic

eventsource  <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix`
node_modules/follow-redirects

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    watchpack  0.2.2 - 1.6.1
    Depends on vulnerable versions of chokidar
    node_modules/watchpack

http-proxy  <1.18.1
Severity: high
Denial of Service in http-proxy - https://github.com/advisories/GHSA-6x33-pw7p-hmpq
fix available via `npm audit fix`
node_modules/http-proxy

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/fsevents/node_modules/ini
node_modules/ini

jsdom  <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jsdom
  jest-environment-jsdom  10.0.2 - 25.5.0
  Depends on vulnerable versions of jsdom
  node_modules/jest-environment-jsdom
    jest-config  12.1.1-alpha.2935e14d - 25.5.4
    Depends on vulnerable versions of @jest/test-sequencer
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-jasmine2
    node_modules/jest-config
      jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 25.5.4
      Depends on vulnerable versions of @jest/core
      Depends on vulnerable versions of jest-config
      node_modules/jest/node_modules/jest-cli
        jest  24.2.0-alpha.0 - 25.5.4
        Depends on vulnerable versions of @jest/core
        Depends on vulnerable versions of jest-cli
        node_modules/jest
      jest-runner  21.0.0-alpha.1 - 25.5.4
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-jasmine2
      Depends on vulnerable versions of jest-runtime
      node_modules/jest-runner
        @jest/test-sequencer  <=25.5.4
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        node_modules/@jest/test-sequencer
      jest-runtime  12.1.1-alpha.2935e14d - 25.5.4
      Depends on vulnerable versions of jest-config
      node_modules/jest-runtime
        jest-jasmine2  24.2.0-alpha.0 - 25.5.4
        Depends on vulnerable versions of jest-runtime
        node_modules/jest-jasmine2

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

lodash  <=4.17.20
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix`
node_modules/lodash

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/@cnakazawa/watch/node_modules/minimist
node_modules/fsevents/node_modules/minimist
node_modules/fsevents/node_modules/rc/node_modules/minimist
node_modules/json5/node_modules/minimist
node_modules/loader-utils/node_modules/minimist
node_modules/minimist
node_modules/sane/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/fsevents/node_modules/mkdirp
  node_modules/mkdirp

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix`
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-notifier
  @jest/reporters  <=26.4.0
  Depends on vulnerable versions of node-notifier
  node_modules/@jest/reporters
    @jest/core  <=25.5.4
    Depends on vulnerable versions of @jest/reporters
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-runtime
    node_modules/@jest/core

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse

serialize-javascript  <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix`
node_modules/serialize-javascript
  terser-webpack-plugin  <=1.4.3 || 2.0.0 - 2.3.5
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin

sockjs  <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix`
node_modules/sockjs

ssri  5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/fsevents/node_modules/tar

tmpl  <1.0.5
Severity: high
Regular Expression Denial of Service in tmpl - https://github.com/advisories/GHSA-jgrx-mgxx-jf9v
fix available via `npm audit fix`
node_modules/tmpl

url-parse  <=1.5.8
Severity: critical
Incorrect hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Incorrect returned href via an '@' sign but no user info and hostname - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
fix available via `npm audit fix`
node_modules/url-parse

websocket-extensions  <0.1.4
Severity: high
Regular Expression Denial of Service in websocket-extensions (NPM package) - https://github.com/advisories/GHSA-g78m-2chm-r7qv
fix available via `npm audit fix`
node_modules/websocket-extensions

ws  6.0.0 - 6.2.1 || 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/jsdom/node_modules/ws
node_modules/ws

y18n  4.0.0
Severity: high
Prototype Pollution in y18n - https://github.com/advisories/GHSA-c4w7-xm78-47vh
fix available via `npm audit fix`
node_modules/y18n

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/yargs-parser
node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/webpack-dev-server/node_modules/yargs

48 vulnerabilities (21 moderate, 22 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Zero vulnerabilities after this PR

This PR unfortunately currently depends on #430 because of this issue I'm running into: #432
If I can be assisted figuring out how to fix just that, I should be able to get this PR working without depending on #430.

I verified that the following worked:

  • make test
  • make ui
  • make node_modules
  • docker build . (also started container and verified that everything in the webpage worked as expected)
  • houndd --dev (verified that everything in the webpage worked as expected)

@kinghrothgar kinghrothgar changed the title from "Update npm to resolve" to "Update npm to resolve 48 vulnerabilities" on Jul 2, 2022
@salemhilal
Contributor

Hey @kinghrothgar, @kellegous merged in some related work a few days ago and I realize it overlaps with this PR. Do you want to take a pass at updating this PR to see if there are any changes remaining? I'm going to close it for now, but let me know either way, and thank you for the contributions!

@salemhilal salemhilal closed this Oct 6, 2022