Update vulnerable NPM dependencies with auto-fixable version updates
Feature Description
We have a fairly large number of NPM dependencies which are flagged as vulnerable by NPM, as can be seen when running npm ci. The vulnerable package count is 149 at the time of writing:
We should update these to non-vulnerable versions where possible. This will need to be done over the course of multiple issues; this one can address those packages which can be updated automatically, with more complicated updates addressed in one or more subsequent issues.
This issue should be tackled once https://github.com/google/site-kit-wp/issues/5862 has been implemented, as a test run of npm audit fix shows that a number of the packages need Puppeteer to be updated in order to unblock their fixes.
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
- Vulnerable NPM dependencies identified via npm audit which can be auto-fixed should be updated to their non-vulnerable versions.
- There should be no functional changes to the Site Kit plugin and infrastructure.
Implementation Brief
- [ ] Run npm audit fix --workspaces in the repo root.
Test Coverage
- No tests required, just ensure JS tests and VRTs are passing in the pipeline. This can be moved to approved directly by code reviewer.
QA Brief
Changelog entry
IB ✔️
@ankitrox @techanvil, what can we do here to unblock this ticket? It's been sitting in the EB for a month now.
Hey @ivonac4, it's blocked by #5862 which is still in IB, we need to execute that issue to move this one forward.
@techanvil is this still blocked?
@binnieshah yes, it's still blocked by #5862 as per the comment above.
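
The split this issue draws between auto-fixable updates and more complicated ones can be read from the fixAvailable field of npm audit --json output (npm 7+). The sketch below is an added example, not code from the Site Kit repository; the report is a constructed sample with made-up package names, and triageAudit is a hypothetical helper.

```javascript
// Constructed sample in the shape of `npm audit --json --workspaces` output
// (auditReportVersion 2). Package names, ranges and versions are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-glob': { severity: 'moderate', range: '<=2.0.0', fixAvailable: true },
    'example-parser': { severity: 'high', range: '<1.2.3', fixAvailable: true },
    'example-fetch': {
      severity: 'critical', range: '<3.0.0',
      // Fix is only reachable by moving a top-level package past its declared range.
      fixAvailable: { name: 'example-browser-driver', version: '9.0.0', isSemVerMajor: true },
    },
    'example-legacy': { severity: 'low', range: '*', fixAvailable: false },
  },
};

const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Bucket findings by what it takes to fix them:
//   fixAvailable === true    -> plain `npm audit fix` resolves it
//   fixAvailable is object   -> needs `npm audit fix --force` (top-level bump)
//   fixAvailable === false   -> no fixed version published
function triageAudit(report) {
  const buckets = { autoFixable: [], needsForce: [], noFix: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    const entry = { name, severity: vuln.severity, range: vuln.range };
    if (fix === true) {
      buckets.autoFixable.push(entry);
    } else if (fix && typeof fix === 'object') {
      entry.via = `${fix.name}@${fix.version}`; // package that must be bumped
      entry.breaking = Boolean(fix.isSemVerMajor); // major bump vs. out-of-range only
      buckets.needsForce.push(entry);
    } else {
      buckets.noFix.push(entry);
    }
  }
  const rank = (v) => SEVERITY_ORDER.indexOf(v.severity);
  Object.values(buckets).forEach((list) => list.sort((a, b) => rank(a) - rank(b)));
  return buckets;
}

const result = triageAudit(sampleReport);
for (const [bucket, list] of Object.entries(result)) {
  console.log(`${bucket}: ${list.length}`);
  for (const v of list) {
    console.log(`  [${v.severity}] ${v.name} ${v.range}${v.via ? ` (via ${v.via})` : ''}`);
  }
}
```

Entries in needsForce name the top-level package whose update unblocks the fix, which is the kind of dependency the issue describes as blocking this work.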