Updating packages to address high severity alerts

[angela-young]

This PR updates as many packages with as few major breaking changes as possible in order to fix high severity dependabot alerts. There will be follow up PR(s) made to address the packages that will need major updates in order to address the remaining vulnerabilities.

There are 42 dependabot alerts at the time of creating this PR. After merging, there are now 13.
GUS: W-19586252

Changes made:

• removed unused packages to cleanup the amount of dependencies and reduce security risks
  • react-hot-loader and react-select
• migrated off of deprecated and archived packages and onto recommended maintained packages
  • uglifyjs-webpack-plugin → terser-webpack-plugin
• updated eslint-plugin-node to address semver vuln
  • https://github.com/heroku/react-hk-components/security/dependabot/124
• updated lint-staged and babel-jest to address braces vuln
  • https://github.com/heroku/react-hk-components/security/dependabot/142
  • webpack still uses a vulnerable version, addressed in followup PR
• copy-webpack-plugin, webpack, and webpack-cli to address ssri
  • https://github.com/heroku/react-hk-components/security/dependabot/30
• babel-loader, css-loader, mini-css-extract-plugin, style-loader, and file-loader to address json5
  • https://github.com/heroku/react-hk-components/security/dependabot/116
• d3 for d3-color vuln. Also upgraded babel-core to @babel/core along with related packages, and replaced .babelrc with .babelrc.js as part of the breaking changes involved with upgrading
  • https://github.com/heroku/react-hk-components/security/dependabot/82
• webpack-bundle-analyzer to remove body-parser vuln
  • https://github.com/heroku/react-hk-components/security/dependabot/153
• np and jest-css-modules-transform for dot-prop vuln
  • https://github.com/heroku/react-hk-components/security/dependabot/17
• np(again) and webpack-cli to address ini vuln
  • https://github.com/heroku/react-hk-components/security/dependabot/24

High severity alerts that should also resolve as a result of the changes made above:

• https://github.com/heroku/react-hk-components/security/dependabot/16
• https://github.com/heroku/react-hk-components/security/dependabot/70
• https://github.com/heroku/react-hk-components/security/dependabot/87
• https://github.com/heroku/react-hk-components/security/dependabot/115

To test:

• pull down this branch
• run yarn install && yarn build
• verify there are no errors
• run yarn test
• verify all tests pass
• run yarn link

In herokudata-frontend repo:

• run yarn link "@heroku/react-hk-components"
• run yarn && yarn start
• the local environment should open on its own, and if not, go to http://localhost:3000/
• verify the hk components on the site work as expected
  • click the table column headers to change the sorting direction
  • click the dataclips page tab
  • search for "con" and click the first result
  • click around and verify the chart view loads as expected (image below)
  • feel free to go back and open other dataclip pages
  • click the "New Dataclip" button
  • search for "aer" and click the first result
  • click through the dropdowns in the schema explorer on the right (image below)
  • verify the dropdown next to the "Save & Run" button works as expected

Next steps

The three major sources of vulnerabilities are webpack, eslint, and jest. Updating any of these packages will likely have major breaking changes, which is why I plan to split them out into separate PRs.

[angela-young]

This change was made due to updating copy-webpack-plugin

[angeldcampbell]

looks good to me! tested locally without issues

[kenyaplenty]

LGTM. Everything worked for me locally for the most part except for when there were error related to dataclip queries (I don't think this is you!)