aws / aws-xray-sdk-node

The official AWS X-Ray SDK for Node.js.
Apache License 2.0

Override transitive semver dependency version to fix security vulnerability #604

Closed carolabadeer closed 1 year ago

carolabadeer commented 1 year ago

Issue #, if available: #599

Description of changes: Use npm-force-resolutions to override the vulnerable semver dependency v5.7.1 being installed from cls-hooked v4.2.2. It is necessary to manually override the semver version as the cls-hooked package has not issued a release since 2017.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
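The override above works because npm-force-resolutions rewrites the lockfile so that the nested copy of semver under cls-hooked is replaced by the pinned version. As an added example (not code from this PR or from aws-xray-sdk-node), the script below audits an npm lockfile for every installed copy of a package and reports which copies fall below a minimum version, and which parent package pulled each one in. Both lockfiles are constructed for illustration (the root dependency on `semver ^7.5.3` and the cls-hooked range `^5.4.1` are assumptions); `auditLockfile`, `parseVersion` and `compareVersions` are helpers written here, not part of any library.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" layout)
// for nested copies of a dependency that sit below a minimum version.
// Constructed data; not the aws-xray-sdk-node project's own lockfile.

// Parse "MAJOR.MINOR.PATCH" into numbers (prerelease/build suffixes are ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return every copy of `name` in the lockfile. Lockfile keys look like
// "node_modules/semver" (hoisted) or "node_modules/cls-hooked/node_modules/semver"
// (nested under the package that depends on it). `ok` is false when the copy
// is older than `minVersion`; `parent` names the package that owns the copy.
function auditLockfile(lockfile, name, minVersion) {
  const suffix = `node_modules/${name}`;
  const copies = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    let parent = '(root)';
    if (path !== suffix) {
      // strip "/node_modules/<name>" and keep the last package segment
      const parentPath = path.slice(0, path.length - suffix.length - 1);
      parent = parentPath.split('node_modules/').pop();
    }
    copies.push({
      path,
      parent,
      version: entry.version,
      ok: compareVersions(entry.version, minVersion) >= 0,
    });
  }
  return copies;
}

// Constructed lockfile before the override: npm keeps a separate semver 5.7.1
// under cls-hooked because cls-hooked's range does not accept 7.x.
const lockBefore = {
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { 'cls-hooked': '^4.2.2', semver: '^7.5.3' } },
    'node_modules/semver': { version: '7.5.3' },
    'node_modules/cls-hooked': { version: '4.2.2', dependencies: { semver: '^5.4.1' } },
    'node_modules/cls-hooked/node_modules/semver': { version: '5.7.1' },
  },
};

// Constructed lockfile after a forced resolution: the nested copy is gone and
// cls-hooked resolves to the single hoisted semver 7.5.3.
const lockAfter = {
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { 'cls-hooked': '^4.2.2', semver: '^7.5.3' } },
    'node_modules/semver': { version: '7.5.3' },
    'node_modules/cls-hooked': { version: '4.2.2', dependencies: { semver: '^5.4.1' } },
  },
};

// Copies that fail the check, formatted for a CI log line.
function vulnerableCopies(lockfile, name, minVersion) {
  return auditLockfile(lockfile, name, minVersion).filter((c) => !c.ok);
}

console.log('before override:', vulnerableCopies(lockBefore, 'semver', '7.5.3'));
console.log('after override:', vulnerableCopies(lockAfter, 'semver', '7.5.3'));
```

Running this against a real `package-lock.json` (`JSON.parse(fs.readFileSync(...))`) gives the same information as `npm ls semver`, but as data a CI step can fail on, which is a useful guard that the forced resolution has actually taken effect after a fresh install.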

srprash commented 1 year ago

How do we ensure that cls-hooked works with the "forced" v7.5.3 of semver in our SDK and does not behave unexpectedly?

carolabadeer commented 1 year ago

@srprash cls-hooked only uses semver in one line to utilize the gte function, and the module that exports the gte function in the semver repository has not had any changes in the last 4 years. So the single usage of the semver.gte() function in cls-hooked would behave the same for the current version in cls-hooked (5.7.1) and the forced version we are using (7.5.3) since 5.7.1 was released 4 years ago.

An additional note: There are also many others who reported this vulnerability directly in the cls-hooked package, and some contributors even created PRs for upgrading the semver version to 7.5.3, but since the library is unmaintained, those PRs have not been addressed. The authors of those issues and PRs report that manually overriding the semver version did not cause any issues and resolved the security risk: https://github.com/Jeff-Lewis/cls-hooked/issues/78