Do periodic security update (yarn audit)

[wincent]

Similar to issues in other repos:

• Do periodic security update (yarn audit) liferay-npm-tools#491
• Do periodic security update (yarn audit) liferay-js-themes-toolkit#504

This issue will substitute these currently open dependabot PRs:

• Bump websocket-extensions from 0.1.3 to 0.1.4 #233 (websocket-extensions)
• Bump elliptic from 6.5.1 to 6.5.3 #235 (elliptic)
• Bump handlebars from 4.4.5 to 4.7.6 #236 (handlebars)
• Bump http-proxy from 1.18.0 to 1.18.1 #237 (http-proxy)

Note that in this repo, too, we applied new config to limit Dependabot to one open PR at a time — it will still "spam" us, in the sense that if we close that PR it can open another, but at least we won't have up to 10 open PRs in the list at any one time.

More context on our policy here: https://github.com/liferay/liferay-frontend-guidelines/blob/master/general/security.md

[wincent]

Adding: #240 (uglifyjs-webpack-plugin)

[wincent]

Adding: #241 (eslint-config-liferay)

In case you're wondering why it sent us a PR for one of our own dependencies, I guess it sent this PR because the underlying vulnerability in lodash (via eslint-plugin-notice).

[wincent]

Whoops, wrong button.

[wincent]

Adding: #242 (jest)

[wincent]

Adding: #243 (prettier)

[wincent]

Adding: #244 (fs-extra)

[wincent]

Adding: #245 (publish-please)

[wincent]

Adding: #246 (jest)

Although will probably move this project into the monorepo before the next audit, at which time it will get the newer shared version of Jest anyway.

[wincent]

Whatever is left on the audit list is going to be handled in liferay/liferay-frontend-projects#112 so I'm going to close this one.