upgrade deps with vulnerabilities

[alxnddr]

We've got a couple of deps with critical vulnerabilities. Fortunately, these dependencies come from building tools and documentation, which does not threaten the application itself. However, I added resolutions to secure packages for now. Once this PR facebook/create-react-app#11624 gets merged we will be able to remove these package resolutions.

[codecov]

Codecov Report

Merging #19128 (8fdc4f0) into master (8ea40b6) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master   #19128   +/-   ##
=======================================
  Coverage   64.90%   64.90%           
=======================================
  Files        1866     1866           
  Lines       70677    70677           
  Branches     7762     7762           
=======================================
  Hits        45872    45872           
  Misses      21384    21384           
  Partials     3421     3421           

Flag	Coverage Δ
front-end	43.54% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8ea40b6...8fdc4f0. Read the comment docs.

[ariya]

Can you rebase to the latest master? That shall fix the CI timeout issue on some of the checks.