
Bump react-redux@7.2.8 and run npm audit fix #4230

Merged
merged 4 commits into from
Apr 8, 2022

Conversation

compulim
Contributor

@compulim compulim commented Apr 5, 2022

Changelog Entry

Changed

Description

The recent release of react@18 broke react-redux@7.2.6 due to the way npm handles peer dependencies, documented at reduxjs/react-redux#1881. We need to bump to react-redux@>=7.2.7.

Also, we ran npm audit fix manually for a couple of dependabot asks. This is because dependabot cannot handle lerna properly and dropped some of our local deps in the PR. This is for minimist and node-forge.

Design

The new peer deps feature in npm is designed to only look at immediate peer deps.

Web Chat requires a peer dep of react@>=16.8.6. When npm evaluates this, it considers react@18 as the base version.

Then, npm tries to install react-redux@7.2.6. As react-redux requires react@16.8 || 17 and react@18 is not a matching peer dep, npm considers Web Chat to have failed the deps check.

As npm only looks at the immediate package.json for peer deps and does not negotiate, it could not figure out other possible candidates, such as react@16.8.6. Thus, react-redux needed to do an emergency patch @7.2.7 to mitigate the "side effect of the release of react@18".

Specific Changes

  • Bump to react-redux@7.2.8
  • Run npm audit fix on all packages, including samples
  • I have added tests and executed them locally
  • I have updated CHANGELOG.md
  • I have updated documentation

Review Checklist

This section is for contributors to review your work.

  • Accessibility reviewed (tab order, content readability, alt text, color contrast)
  • Browser and platform compatibilities reviewed
  • CSS styles reviewed (minimal rules, no z-index)
  • Documents reviewed (docs, samples, live demo)
  • Internationalization reviewed (strings, unit formatting)
  • package.json and package-lock.json reviewed
  • Security reviewed (no data URIs, check for nonce leak)
  • Tests reviewed (coverage, legitimacy)

@compulim compulim marked this pull request as ready for review April 5, 2022 19:45
@compulim compulim added p0 Must Fix. Release-blocker p1 Painful if we don't fix, won't block releasing and removed p0 Must Fix. Release-blocker labels Apr 5, 2022
@compulim compulim merged commit 27c45b0 into microsoft:main Apr 8, 2022
@compulim compulim deleted the fix-minimist branch April 8, 2022 00:05
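The resolution behaviour described in the PR, as an added example that is not code from the Web Chat repo, from react-redux, or from npm. It models npm taking the newest version that satisfies the root's own peer range and then checking each dependency's peer range against that single pick, alongside a negotiating resolver that intersects the ranges first. The list of react versions, the minimal semver subset (">=x.y.z", "^x.y.z", bare "16.8" / "17", and "||"), and the widened range used to stand in for react-redux@7.2.7 are all constructed for illustration; the real semver package is not used.

```javascript
// Added example, not code from the Web Chat repo, react-redux or npm: a small
// model of the peer-dependency behaviour the PR describes. npm picks a version
// for the root's peer range and checks every package's peer range against that
// one pick without negotiating; a resolver that intersected the ranges first
// would have found react@17. Ranges use a minimal semver subset (">=x.y.z",
// "^x.y.z", bare "16.8" / "17", and "||"); the real semver package is not used.

// Constructed list of published react versions (illustrative, not the registry).
const REACT_VERSIONS = ['16.8.6', '16.14.0', '17.0.2', '18.0.0'];

function parseVersion(v) {
  const parts = v.split('.').map(Number);
  while (parts.length < 3) parts.push(0); // "16.8" -> 16.8.0, "17" -> 17.0.0
  return parts;
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// One "||" alternative: ">=x.y.z" is a lower bound; "^x.y.z" and a bare
// "x.y" / "x" mean same major and not below the stated minor/patch.
function satisfiesPart(version, part) {
  if (part.startsWith('>=')) return compareVersions(version, part.slice(2)) >= 0;
  const base = part.startsWith('^') ? part.slice(1) : part;
  return parseVersion(version)[0] === parseVersion(base)[0] &&
    compareVersions(version, base) >= 0;
}

function satisfies(version, range) {
  return range.split('||').some(part => satisfiesPart(version, part.trim()));
}

const newestFirst = (a, b) => compareVersions(b, a);

// npm's behaviour as described in the PR: take the newest version that
// satisfies the root's own peer range, then test every dependency's peer range
// against that single choice. No other candidate is tried.
function resolveWithoutNegotiation(rootRange, peerRanges) {
  const chosen = REACT_VERSIONS.filter(v => satisfies(v, rootRange)).sort(newestFirst)[0] || null;
  if (chosen === null) return { chosen, conflicts: Object.keys(peerRanges) };
  const conflicts = Object.entries(peerRanges)
    .filter(([, range]) => !satisfies(chosen, range))
    .map(([name]) => name);
  return { chosen, conflicts };
}

// What a negotiating resolver would do: keep only versions that satisfy the
// root range and every peer range, then take the newest of those.
function resolveWithNegotiation(rootRange, peerRanges) {
  const ok = REACT_VERSIONS.filter(v =>
    satisfies(v, rootRange) && Object.values(peerRanges).every(r => satisfies(v, r)));
  return ok.sort(newestFirst)[0] || null;
}

// Web Chat's peer range (from the PR) against a given react-redux peer range.
function webChatScenario(reactReduxPeerRange) {
  const rootRange = '>=16.8.6';
  const peers = { 'react-redux': reactReduxPeerRange };
  return {
    npm: resolveWithoutNegotiation(rootRange, peers),
    negotiated: resolveWithNegotiation(rootRange, peers),
  };
}

// react-redux@7.2.6 (range as quoted in the PR) vs. a range widened to react 18,
// as the emergency 7.2.7 patch did. The exact 7.2.7 range is assumed here.
console.log(JSON.stringify(webChatScenario('16.8 || 17')));
console.log(JSON.stringify(webChatScenario('16.8 || 17 || 18')));
```

With the 7.2.6-style range the first resolver picks react@18 and reports react-redux as a conflict even though react@17.0.2 would have satisfied everyone, which is the failure the PR works around by bumping react-redux; with the widened range both resolvers agree on react@18.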
Labels
p1 Painful if we don't fix, won't block releasing

2 participants