chore(all): LW-8019 fix critical/high yarn audit vulnerabilities

[refi93]

Checklist

• JIRA - \ LW-8019
• Proper tests implemented
• Screenshots added.

---

Motivation

yarn audit is currently reporting 324 vulnerabilities:

324 vulnerabilities found - Packages audited: 4632
Severity: 206 Moderate | 106 High | 12 Critical

Proposed solution

Run yarn-audit-fix which is an automated tool looking for non-vulnerable versions of packages that comply with the dependency constraints. Fix the rest of reported (high/critical) vulnerabilities ad-hoc.

The commits are split in the following way:

1. just the automatic fixes by yarn-audit-fix
2. removal of vulnerable dependencies that seemed unused as they weren't referenced anywhere in the project nor as peer dependencies
3. re-installing/bumping node-sass (without modifying package.json constraints on major/minor version), and webpack from version 5.75 to 5.76
4. reintroduced yarn audit into CI, basically reverting https://github.com/input-output-hk/lace/pull/241/files (except sonarqube)

Testing

1. run yarn audit and there should be no high/critical vulnerabilities reported
2. run full test suite in CI

---

Allure report

allure-report-publisher generated test report!

smokeTests: ✅ test report for c651987f

	passed	failed	skipped	flaky	total	result
Total	35	0	0	0	35	✅

[tgunnoe]

This will have to be rebased and updated for yarn3

[refi93]

@tgunnoe thanks for the heads up will do 👍 btw, I noticed that the yarn npm audit --all --recursive seems to yield a lot less vulnerabilities than yarn audit did in yarn 1.x (324 vs 14), seems to be related to this PR apparently fixing the issue yarnpkg/berry#5501 but not released yet. Based on this comment: yarnpkg/berry#5501 (comment) I'm not actually sure if the fix would ever be released in yarn v3

For the time being I'd fix at least the vulnerabilities respective to the v3 report

[refi93]

@przemyslaw-wlodek I force-pushed the fixes to yarn.lock because I basically did the update from scratch so the code requires re-reviewing anyway as it doesn't share anything in common apart from the general steps (autofix issues with yarn-audit-fix and try reinstalling packages that have vulnerable recursive deps while retaining their version constraints in package.json).

I also bumped webpack which although wasn't reported by the v3 yarn npm audit --all --recursive scripts, it has apparently a known vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/detail/webpack-js-package-5750-sandbox-bypass#:~:text=The%20JS%20package%20webpack%20is,are%20not%20vulnerable%20to%20exploitation

Currently, the only one critical dependency should be reported by yarn npm audit --all --recursive , namely mockery via @wdio/cucumber-framework which doesn't seem fixable atm, until the package migrates away from it (mockery seems abandoned) and is used just in the e2e tests anyway. Interestingly, the "mockery" vulnerability wasn't reported at all by the "yarn v1" audit even though the same package was present there, so I guess the vulnerability reporting isn't perfect on neither version of yarn 🤷

[danielmain]

Great job @refi93