SCAN4NET-99 Bump dependencies on Angular and React ClientApp

[CristianAmbrosini]

I used npm audit fix—-force to update the dependencies of MultiLanguageSupportReact and MultiLanguageSupportAngular projects to the latest versions and resolve vulnerabilities.

[pavel-mikula-sonarsource]

Based on the report, these packages should be updated:

• postcss
• webpack-dev-middleware
• webpack
• send

Only the send package seems to be updated to expected version. I don't see the others in this PR.

[CristianAmbrosini]

@pavel-mikula-sonarsource, good catch, npm audit fix was detecting those vulnerabilities but was not bumping them for some reason (package-lock was probably messed up).

For future reference, I had to:

• delete package-lock.json
• delete node_modules folder
• run npm install again

This appears to have resolved the issue.

[CristianAmbrosini]

I have the feeling that certain high-severity vulnerabilities may frequently appear in some of these package versions, whether they are direct dependencies or transitive ones. We should find a more clever solution, I was not able to find if it's possible to exclude some folders from the scan. What about just ignoring those emails if the target is MultiLanguageSupportAngular or MultiLanguageSupportReact project? I would also extend it to the whole its folder, I don't think we care too much if there are vulnerabilities over there, correct me if I'm wrong. WDYT?

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[pavel-mikula-sonarsource]

LGTM

[pavel-mikula-sonarsource]

The idea is to try to bump it once and see how often it will re-appear. If it comes again more than once a year, we'll just accept the report as won't fix