[Chore] Security vulnerability audit (#1685)

* vuln audit create-sitecore-jss package

* vuln audit sitecore-jss package

* vuln audit sitecore-jss-angular package

* vuln audit sitecore-jss-angular-schematics package

* vuln audit sitecore-jss-cli package

* vuln audit sitecore-jss-dev-tools package

* vuln audit sitecore-jss-forms package

* vuln audit sitecore-jss-proxy package

* vuln audit sitecore-jss-react package

* vuln audit sitecore-jss-react-forms package

* vuln audit sitecore-jss-vue package

* vuln audit sitecore-jss-rendering-host package

* fix sitecore-jss-rendering-host build

* vuln audit sitecore-jss-nextjs

* fix react native build

* bump version of graphql in react template

* fix sitecore-jss-dev-tools tests issue

* update @types/node version in angular package to be aligned with the version in sitecore-jss packages; this fixes test run in sitecore-jss-angular

* update changelog

* nextjs sample critical vulnerability fix - downgrade minor version of graphql-let

* updated move-cli version in angular template

* Update CHANGELOG.md

Co-authored-by: Illia Kovalenko <[email protected]>

* remove package-lock.json from source control

* revert downgrade of graphql-let in next template

* fix some vulns after merge from dev

* some more vuln fixes after merge; bump typedoc version to resolve peer dependency issue

* add overrides for build fix and remove unnecessary resolutions field in react-native package.json

---------

Co-authored-by: Illia Kovalenko <[email protected]>

CHANGELOG.md

@@ -47,6 +47,10 @@ Our versioning strategy is as follows:
   * Exported _ImageFieldValue_ and _LinkFieldValue_ interfaces.
   * See more information about the upgrade in the [Angular 16 Migration Guide](https://update.angular.io/?l=3&v=15.0-16.0)
 
+### 🧹 Chores
+
+* Security vulnerability audit ([#1685](https://github.com/Sitecore/jss/pull/1685))
+
 ## 21.6.0
 
 ### 🎉 New Features & Improvements

package.json

@@ -30,12 +30,14 @@
     "eslint-plugin-prettier": "^3.3.0",
     "lerna": "^5.6.2",
     "prettier": "^1.14.3",
-    "typedoc": "^0.23.28",
+    "typedoc": "^0.24.0",
     "typedoc-plugin-markdown": "^3.11.3",
     "typescript": "~4.7.4"
   },
   "resolutions": {
-    "eslint-plugin-jsx-a11y": "6.7.1"
+    "eslint-plugin-jsx-a11y": "6.7.1",
+    "@types/react-native/@types/react": "17.0.34",
+    "@types/react-native-htmlview/@types/react": "17.0.34"
   },
   "workspaces": [
     "packages/*",

packages/create-sitecore-jss/src/templates/angular/package.json

@@ -121,7 +121,7 @@
     "karma-coverage-istanbul-reporter": "~3.0.3",
     "karma-jasmine": "~4.0.1",
     "karma-jasmine-html-reporter": "~1.5.4",
-    "move-cli": "^1.2.1",
+    "move-cli": "^2.0.0",
     "npm-run-all": "~4.1.5",
     "protractor": "^7.0.0",
     "ts-node": "~10.9.0",

packages/create-sitecore-jss/src/templates/react/package.json

@@ -37,7 +37,7 @@
     "bootstrap": "^5.2.3",
     "cross-fetch": "^3.1.5",
     "deep-equal": "^2.1.0",
-    "graphql": "~16.6.0",
+    "graphql": "~16.8.1",
     "graphql-tag": "~2.12.6",
     "i18next": "^22.0.6",
     "react": "^18.2.0",

packages/sitecore-jss-dev-tools/src/templating/utils.test.ts

@@ -40,6 +40,7 @@ describe('utils', () => {
         return false;
       },
       name: '',
+      path: '',
     };
 
     const setupFolderTest = (path: string) => {

packages/sitecore-jss-react-native/package.json

@@ -64,8 +64,13 @@
     "ts-jest": "~26.0.0",
     "typescript": "~4.3.5"
   },
-  "resolutions": {
-    "babel-core": "6.26.3"
+  "overrides": {
+    "@types/react-native": {
+      "@types/react": "17.0.34"
+    },
+    "@types/react-native-htmlview": {
+      "@types/react": "17.0.34"
+    }
   },
   "types": "./types/index.d.ts",
   "gitHead": "2f4820efddf4454eeee58ed1b2cc251969efdf5b",

packages/sitecore-jss-rendering-host/package.json

@@ -41,7 +41,7 @@
     "@types/glob": "^8.0.1",
     "@types/mocha": "^10.0.1",
     "@types/node": "^18.11.18",
-    "@types/webpack": "5.28.0",
+    "@types/webpack": "5.28.5",
     "@types/webpack-dev-middleware": "2.0.5",
     "@types/webpack-dev-server": "3.1.7",
     "chai": "^4.3.0",