Description
from @pombredanne
We could have some vulnerable dependencies and it would be nice to review if we can
update our dependencies.
For example currently on https://github.com/nexB/scancode-workbench/tree/feature/unittests
if we run npm install we have
28 vulnerabilities (5 moderate, 22 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
There are 3 sources where we can check for potential vulnerabilities:
1. We should update these packages that show up on npm install
2. We also should look at dependabot notifications for the same thing.
3. And another thing could be to run SCIO pipelines to get purls and look up vulnerabilities for workbench (and maybe compare them across npm and dependabot :P )
This would be nice to have before the stable release.
Other non-vulnerable dependency upgrades should also be something we can potentially look at;
these could have useful updates and upgrades too.
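Two of the three checks listed in the issue, as an added example (not scancode-workbench or SCIO code): summarising `npm audit --json` output by severity, and deriving Package URLs (purls) from a package-lock.json so they can be looked up in a vulnerability database the way the SCIO pipelines mentioned above would. Both inputs are constructed samples trimmed to the fields the functions use.

```python
import json
from collections import Counter
from urllib.parse import quote

# Constructed excerpt of `npm audit --json` (npm 7+ shape: "vulnerabilities"
# keyed by package name, each carrying a "severity").
AUDIT_JSON = json.dumps({"vulnerabilities": {
    "minimist": {"severity": "critical"},
    "lodash": {"severity": "high"},
    "glob-parent": {"severity": "high"},
    "ws": {"severity": "moderate"},
}})

# Constructed excerpt of package-lock.json (lockfileVersion 2/3: "packages" is
# keyed by node_modules path; the "" key is the root project itself).
LOCKFILE_JSON = json.dumps({"lockfileVersion": 2, "packages": {
    "": {"name": "example-workbench", "version": "0.0.0"},
    "node_modules/minimist": {"version": "1.2.5"},
    "node_modules/lodash": {"version": "4.17.20"},
    "node_modules/@babel/core": {"version": "7.12.3"},
    "node_modules/@babel/core/node_modules/semver": {"version": "5.7.1"},
}})


def audit_severity_counts(audit_json):
    """Return {severity: count}, the figures npm prints as e.g. '1 critical'."""
    report = json.loads(audit_json)
    return dict(Counter(v["severity"] for v in report["vulnerabilities"].values()))


def lockfile_purls(lock_json):
    """Build sorted pkg:npm purls for every installed package in the lockfile."""
    lock = json.loads(lock_json)
    purls = set()
    for path, entry in lock["packages"].items():
        if path == "" or "version" not in entry:
            continue  # skip the root project and entries with no resolved version
        # The package name is whatever follows the last "node_modules/" segment,
        # so a nested install (a/node_modules/b) resolves to "b", not "a/.../b".
        name = path.rsplit("node_modules/", 1)[1]
        if name.startswith("@"):
            # Scoped package: the scope is the purl namespace and '@' is percent-encoded
            scope, bare = name.split("/", 1)
            purls.add(f"pkg:npm/{quote(scope, safe='')}/{bare}@{entry['version']}")
        else:
            purls.add(f"pkg:npm/{name}@{entry['version']}")
    return sorted(purls)


if __name__ == "__main__":
    print(audit_severity_counts(AUDIT_JSON))
    print("\n".join(lockfile_purls(LOCKFILE_JSON)))
```

The purl list is what a vulnerability lookup (SCIO, or any purl-keyed database) would take as input, while the severity counts reproduce the summary line npm prints after `npm install`.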