CasaOS
Issue with vulnerabilities reporting
Is your feature request related to a problem? Please describe.
It seems like the current setup of the CasaOS-UI repository and SonarCloud does not report security vulnerabilities correctly. SonarCloud shows 0 vulnerabilities.
Describe the solution you'd like
I assume that it happens because we are using yarn and workspaces. By default, when you run yarn npm audit, it checks only root dependencies.
If you want to check all workspaces, you should run yarn npm audit --all.
Currently it reports one moderate and one critical vulnerability:
➜ CasaOS-UI git:(main) yarn npm audit --all
├─ markdown-it: 8.4.2
│ ├─ ID: 1092663
│ ├─ Issue: Uncontrolled Resource Consumption in markdown-it
│ ├─ URL: https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
│ ├─ Severity: moderate
│ ├─ Vulnerable Versions: <12.3.2
│ ├─ Patched Versions: >=12.3.2
│ ├─ Via: markdown-it
│ └─ Recommendation: Upgrade to version 12.3.2 or later
│
└─ swiper: 5.4.5
├─ ID: 1089811
├─ Issue: Prototype Pollution in swiper
├─ URL: https://github.com/advisories/GHSA-p3hc-fv2j-rp68
├─ Severity: critical
├─ Vulnerable Versions: <6.5.1
├─ Patched Versions: >=6.5.1
├─ Via: swiper
└─ Recommendation: Upgrade to version 6.5.1 or later
If it is not possible to set up automated vulnerability-fix PRs with SonarCloud, maybe we could utilize Dependabot in the CasaOS-UI repo?
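One way to turn the workspace-wide audit into a CI gate while a Dependabot or SonarCloud setup is decided, as an added example that is not part of the issue or of the CasaOS-UI project: feed `yarn npm audit --all --json` into a small script that fails the build when any advisory meets a severity threshold. It assumes Yarn 3's --json output uses the npm-audit-compatible shape (an "advisories" map keyed by advisory id, each with module_name and severity); the embedded sample is constructed from the two findings reported above, not captured output.

```python
"""CI gate over `yarn npm audit --all --json` output.

Assumed input shape: {"advisories": {"<id>": {...}}, "metadata": {...}},
the npm-audit-compatible JSON that Yarn 3 emits. Usage in CI:
    yarn npm audit --all --json | python audit_gate.py
"""
import json
import sys

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample mirroring the issue's two findings (not real tool output).
SAMPLE_REPORT = json.dumps({
    "advisories": {
        "1092663": {"module_name": "markdown-it", "severity": "moderate",
                    "title": "Uncontrolled Resource Consumption in markdown-it",
                    "vulnerable_versions": "<12.3.2", "patched_versions": ">=12.3.2",
                    "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c"},
        "1089811": {"module_name": "swiper", "severity": "critical",
                    "title": "Prototype Pollution in swiper",
                    "vulnerable_versions": "<6.5.1", "patched_versions": ">=6.5.1",
                    "url": "https://github.com/advisories/GHSA-p3hc-fv2j-rp68"},
    },
    "metadata": {"vulnerabilities": {"moderate": 1, "critical": 1}},
})


def load_advisories(report_text):
    """Parse audit JSON into (id, module, severity, patched_versions) tuples."""
    data = json.loads(report_text)
    return [(adv_id, adv["module_name"], adv.get("severity", "info").lower(),
             adv.get("patched_versions", "?"))
            for adv_id, adv in data.get("advisories", {}).items()]


def failing_advisories(report_text, threshold="moderate"):
    """Advisories at or above `threshold`, worst first; unknown severities count as info."""
    floor = SEVERITY_RANK[threshold]
    hits = [a for a in load_advisories(report_text) if SEVERITY_RANK.get(a[2], 0) >= floor]
    return sorted(hits, key=lambda a: -SEVERITY_RANK.get(a[2], 0))


def gate(report_text, threshold="moderate"):
    """Return the CI exit code: 1 if any advisory meets the threshold, else 0."""
    hits = failing_advisories(report_text, threshold)
    for adv_id, module, severity, patched in hits:
        print(f"{severity:9} {module} (advisory {adv_id}) -> upgrade to {patched}")
    return 1 if hits else 0


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    sys.exit(gate(text))
```

With the default threshold the sample report fails the build on both findings; raising it to "high" keeps only the swiper advisory.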