
Add frontend dependencies security audit #23437

Open
glebcha opened this issue Sep 16, 2024 · 5 comments

Comments

@glebcha

glebcha commented Sep 16, 2024

The idea is to add a security analysis tool like auditjs to eliminate potential risks in the release flow.

This can be done for both the current and the new UI.

Output produced by auditjs for the current frontend dependencies (it can also be exported as JSON or XML):

[1/1] - pkg:npm/[email protected] - 3 vulnerabilities found!

  Vulnerability Title:  [CVE-2020-8203] CWE-471: Modification of Assumed-Immutable Data (MAID)
  ID:  CVE-2020-8203
  Description:  lodash - Prototype Pollution [ CVE-2020-8203 ] 
  
  The software does not properly protect an assumed-immutable element from being modified by an attacker.
  
  Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-8203 for details
  CVSS Score:  7.5
  CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE:  CVE-2020-8203
  Reference:  https://ossindex.sonatype.org/vulnerability/CVE-2020-8203?component-type=npm&component-name=lodash&utm_source=auditjs&utm_medium=integration&utm_content=4.0.45
  
  Vulnerability Title:  [CVE-2021-23337] CWE-94: Improper Control of Generation of Code ('Code Injection')
  ID:  CVE-2021-23337
  Description:  Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
  CVSS Score:  7.2
  CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE:  CVE-2021-23337
  Reference:  https://ossindex.sonatype.org/vulnerability/CVE-2021-23337?component-type=npm&component-name=lodash&utm_source=auditjs&utm_medium=integration&utm_content=4.0.45
  
  Vulnerability Title:  [CVE-2020-28500] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
  ID:  CVE-2020-28500
  Description:  Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
  
  Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-28500 for details
  CVSS Score:  5.3
  CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE:  CVE-2020-28500
  Reference:  https://ossindex.sonatype.org/vulnerability/CVE-2020-28500?component-type=npm&component-name=lodash&utm_source=auditjs&utm_medium=integration&utm_content=4.0.45

I can make a PR if this proposal is approved by the maintainers.

@glebcha glebcha changed the title Add frontend dependencies audit Add frontend dependencies security audit Sep 16, 2024
@wendigo
Contributor

wendigo commented Sep 16, 2024

cc @mosabua @electrum

@mosabua
Member

mosabua commented Oct 8, 2024

I think this could be useful if we end up managing the alerts and making sure we upgrade. Not sure, however, if we are in a position to do that on the frontend codebase. I think it is worth a try. What do you think @martint @dain @electrum?

Also @glebcha, could we just run this locally for starters to test it out? Maybe an initial PR could just document how to do that manually, and we can talk about automation later.

@wendigo
Contributor

wendigo commented Oct 9, 2024

Yeah, let's add a script to package.json first and go from there.

@glebcha
Author

glebcha commented Oct 11, 2024

> I think this could be useful if we end up managing the alerts and making sure we upgrade. Not sure, however, if we are in a position to do that on the frontend codebase. I think it is worth a try. What do you think @martint @dain @electrum?
>
> Also @glebcha, could we just run this locally for starters to test it out? Maybe an initial PR could just document how to do that manually, and we can talk about automation later.

@mosabua, I created a PR with scripts in package.json for both the current and the new UI.
I also added instructions to the README.

@glebcha
Author

glebcha commented Nov 5, 2024

@mosabua Any chance of a quick review of the PR?
