
Patch packages dependencies vulnerabilities #916

Merged
Merged 3 commits into main from security/update-dependencies on Mar 7, 2022

Conversation

Jordanlelay (Contributor)

Work performed

  • Fixed packages dependencies versions

Resolved issues

Closes #911

vercel bot

vercel bot commented Feb 23, 2022

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/labelflow/labelflow/5RbyVDxHZhtnirMmCRCCgaTSYgXG
✅ Preview: https://labelflow-git-security-update-dependencies-labelflow.vercel.app

Review threads (resolved): package.json (outdated), python/iog/requirements.txt
bbenoist (Contributor) commented Feb 25, 2022

Summary of the changes since previous commit:

  • The Pillow upgrade for IOG has been kept as-is

  • 9c10073 (already made in a separate branch so I've cherry-picked it)

  • immer => not a production issue but the dependency was removed by itself when upgrading Storybook

  • node-fetch => as explained, it will be cleaned up when completely switching to the new backend, as it won't depend on isomorphic-fetch, so we can keep the resolution entry until then (I'll add a note in #910, Start implementing a backend with code-first schemas).
    => resolution

  • shelljs => Resolved by upgrading release-it and @kubernetes/client-node, but the apollo package pins an outdated version of git-rev-sync, which I had to add as a resolution entry instead of the shelljs one. As the content of the apollo package is expected to be replaced by an alternative soon, we'll remove the entry once that's been done.
    => resolution for git-rev-sync instead

  • follow-redirects => Not a production issue but resolved by upgrading bundlewatch and chromatic

  • axios => Not a production issue but fixed by upgrading bundlewatch and chromatic

  • tar => partially fixed by upgrading nodemon, @supabase/supabase-js, NextJS and Jest.
    There remains the browser-builtins package, which IDK where it's actually used. As this package is quite weak in terms of reliability, we'll have to find a replacement once the backend gets cleaned up. In the meantime, I've left the tar package version which was in the resolution field.
    => resolution

  • prismjs + trim-newlines => Not a production issue but resolved by upgrading Storybook.

  • glob-parent => After the other upgrades, the only package using the outdated version is now @storybook/core-server (because of cpy)

    └─ @storybook/react@npm:6.4.19 [546c7] (via npm:6.4.19 [546c7])
       ├─ @storybook/core@npm:6.4.19 [11221] (via npm:6.4.19 [11221])
       │  └─ @storybook/core-server@npm:6.4.19 [a6de6] (via npm:6.4.19 [a6de6])
       │     ├─ cpy@npm:8.1.2 (via npm:^8.1.2)
       │     │  └─ globby@npm:9.2.0 (via npm:^9.2.0)
       │     │     └─ fast-glob@npm:2.2.7 (via npm:^2.2.6)
       │     │        └─ glob-parent@npm:3.1.0 (via npm:^3.1.0)

    => it doesn't affect production and the problem will be resolved in future Storybook updates, no further action needed

  • trim => Will be resolved once Storybook supports MDX2
    => it doesn't affect production and the problem will be resolved in future Storybook updates, no further action needed

  • elliptic => Fixed by upgrading NextJS
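A check a reviewer can run after adding the `resolutions` entries discussed above, included here as an added example rather than code from the LabelFlow PR: it reads a Yarn Berry lockfile and reports every copy of a package that still resolves below a given version, which is how you confirm an override actually took effect. The lockfile text is a constructed fragment in yarn.lock (Yarn 2+) layout; package names mirror the discussion, the versions and thresholds are placeholders.

```javascript
// Added example: confirm that a package.json "resolutions" override pinned
// every copy of a package by reading the Yarn Berry lockfile.
// LOCKFILE is a constructed fragment in yarn.lock (Yarn 2+) layout; its
// versions are illustrative placeholders, not the advisory thresholds.
const LOCKFILE = `
"tar@npm:^4.4.2, tar@npm:^6.0.0":
  version: 6.1.11
  resolution: "tar@npm:6.1.11"
"tar@npm:^2.0.0":
  version: 2.2.2
  resolution: "tar@npm:2.2.2"
"git-rev-sync@npm:^3.0.1":
  version: 3.0.2
  resolution: "git-rev-sync@npm:3.0.2"
`;

// Parse lockfile text into [{ name, version }]; only those two fields are
// read, the real file carries more (checksum, dependencies, ...).
function parseLockfile(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    // Unindented header: "name@npm:range, name@npm:range":  (scoped names keep their "@")
    const header = line.match(/^"?(@?[^@"\s]+)@npm:.*:$/);
    if (header) { current = { name: header[1], version: null }; entries.push(current); continue; }
    const version = line.match(/^\s+version:\s*(\S+)/);
    if (version && current) current.version = version[1];
  }
  return entries;
}

// Numeric major.minor.patch comparison; prerelease tags are ignored (assumption).
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(".").map(Number));
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}

// Versions of `name` still resolved below `minVersion`; [] means the override held.
function findUnpatched(lockText, name, minVersion) {
  return parseLockfile(lockText)
    .filter((e) => e.name === name && e.version !== null)
    .filter((e) => compareVersions(e.version, minVersion) < 0)
    .map((e) => e.version);
}

console.log(findUnpatched(LOCKFILE, "tar", "6.1.11"));         // → ["2.2.2"]
console.log(findUnpatched(LOCKFILE, "git-rev-sync", "3.0.0")); // → []
```

A non-empty result means a transitive dependent still pulls an old copy, so the resolution entry (or its range) needs adjusting before the alert can be considered closed.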

Review threads (resolved): .storybook/preview.js, data/__generated__/schema.graphql, package.json
geoffreyvancassel (Contributor)

@Jordanlelay to be tested

Jordanlelay (Contributor, Author)

Tested, didn't find any problems 👍

@bbenoist bbenoist merged commit e38813d into main Mar 7, 2022
@bbenoist bbenoist deleted the security/update-dependencies branch March 7, 2022 15:54
Jordanlelay (Contributor, Author) commented Mar 11, 2022

5 high severity alerts remain as of today

Linked issue (may be closed by merging this pull request): Fix critical security alerts

3 participants