contentful / create-contentful-extension

Create Contentful Extension is a CLI tool for developing in-app extensions without the hassle of managing build configurations.
MIT License

Upgrade dependency htmlnano to v1.0.0 to fix transitive security vulnerability #423

Closed Sammii closed 2 years ago

Sammii commented 2 years ago

htmlnano < 1.0.0 has a transitive security vulnerability from postcss. Details about the security vulnerability: https://github.com/advisories/GHSA-hwj9-h5mp-3pm3

 => Found "purgecss#postcss@7.0.32"
 info This module exists because "_project_#@contentful#contentful-extension-scripts#htmlnano#purgecss" depends on it.

htmlnano upgraded their dependency to the patched version in: https://github.com/posthtml/htmlnano/commit/f05c7806839fd1cb7141b75b6e844091a859843a (purgecss updated their dependency starting in v3.1.0, see https://github.com/FullHuman/purgecss/commit/72302ffa475a2f74af4211c5a3caa70f2de4abfd)

Please upgrade the htmlnano dependency to v1.0.0 or higher.
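To check a lockfile for exactly the kind of chain reported above (a vulnerable package reached only through transitive dependencies), the following script is an added example; it is not code from the create-contentful-extension repository or from this issue. It parses a constructed yarn.lock v1 excerpt that mirrors the reported htmlnano > purgecss > postcss chain and flags every path that ends in a postcss version inside an assumed vulnerable range. The version ranges in ASSUMED_POSTCSS_VULNERABLE are an assumption to be checked against the linked advisory, and the lockfile content and registry URLs are constructed sample data.

```python
"""Walk a yarn.lock (v1) and report dependency chains that resolve to a
vulnerable version of a package. Added example, not project code."""
import re
from typing import Dict, List, Sequence, Tuple

# Constructed sample yarn.lock v1 excerpt (not a real lockfile).
SAMPLE_LOCK = """\
# yarn lockfile v1

htmlnano@^0.2.5:
  version "0.2.5"
  resolved "https://registry.example/htmlnano-0.2.5.tgz"
  dependencies:
    purgecss "^2.3.0"

postcss@^7.0.32:
  version "7.0.32"
  resolved "https://registry.example/postcss-7.0.32.tgz"

postcss@^8.2.15:
  version "8.2.15"
  resolved "https://registry.example/postcss-8.2.15.tgz"

purgecss@^2.3.0:
  version "2.3.0"
  resolved "https://registry.example/purgecss-2.3.0.tgz"
  dependencies:
    postcss "^7.0.32"

some-other-tool@^1.0.0:
  version "1.0.0"
  resolved "https://registry.example/some-other-tool-1.0.0.tgz"
  dependencies:
    postcss "^8.2.15"
"""

# Assumed affected ranges [lo, hi) for the postcss advisory; verify against the advisory text.
ASSUMED_POSTCSS_VULNERABLE = [("0.0.0", "7.0.36"), ("8.0.0", "8.2.13")]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.0.32' (or '7.0.0-rc.1') into a comparable (major, minor, patch) tuple."""
    return tuple(int(p) for p in re.split(r"[.-]", v)[:3])


def in_vulnerable_range(version: str, ranges: Sequence[Tuple[str, str]]) -> bool:
    """True when version falls inside any [lo, hi) range."""
    vt = parse_version(version)
    return any(parse_version(lo) <= vt < parse_version(hi) for lo, hi in ranges)


def parse_yarn_lock(text: str) -> Dict[str, dict]:
    """Map every 'name@range' key to {'name', 'version', 'dependencies': {name: range}}.

    Several keys (e.g. 'postcss@^7.0.32, postcss@^7.0.2:') may alias one entry.
    """
    entries: Dict[str, dict] = {}
    current = None
    in_deps = False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        if indent == 0 and line.endswith(":"):
            keys = [k.strip().strip('"') for k in line[:-1].split(",")]
            # rsplit keeps scoped names such as '@scope/pkg@^1.0.0' intact
            current = {"name": keys[0].rsplit("@", 1)[0], "version": None, "dependencies": {}}
            for k in keys:
                entries[k] = current
            in_deps = False
        elif indent == 2 and line.startswith("version "):
            current["version"] = line.split(" ", 1)[1].strip('"')
            in_deps = False
        elif indent == 2:
            in_deps = line == "dependencies:"
        elif indent == 4 and in_deps:
            dep_name, dep_range = line.split(" ", 1)
            current["dependencies"][dep_name] = dep_range.strip('"')
    return entries


def find_vulnerable_chains(entries: Dict[str, dict], target: str,
                           ranges: Sequence[Tuple[str, str]]) -> List[str]:
    """Return 'a@v > b@v > target@v' chains whose target version is in a vulnerable range."""
    depended_on = {f"{d}@{r}" for e in entries.values() for d, r in e["dependencies"].items()}
    roots = [k for k in entries if k not in depended_on]  # lockfile has no project root entry
    hits: List[str] = []

    def walk(key: str, path: List[str]) -> None:
        entry = entries.get(key)
        if entry is None or key in path:  # unresolved key or a cycle
            return
        label = f"{entry['name']}@{entry['version']}"
        if entry["name"] == target:
            if in_vulnerable_range(entry["version"], ranges):
                hits.append(" > ".join(path + [label]))
            return
        for dep, rng in entry["dependencies"].items():
            walk(f"{dep}@{rng}", path + [label])

    for root in roots:
        walk(root, [])
    return hits


if __name__ == "__main__":
    for chain in find_vulnerable_chains(parse_yarn_lock(SAMPLE_LOCK), "postcss",
                                        ASSUMED_POSTCSS_VULNERABLE):
        print("vulnerable chain:", chain)
```

Run against a real lockfile by replacing SAMPLE_LOCK with the file's contents; a chain that passes through htmlnano tells you whether bumping htmlnano alone is enough, or whether another path to the same package still needs attention.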

Jwhiles commented 2 years ago

Hi @Sammii, thanks for raising this issue. We'll look into it; however, as postcss is used at build time, I don't think this vulnerability poses much danger.

If you are having problems with create-contentful-extension, I'd encourage you to instead try using create-contentful-app, which is what we suggest when you are working with Contentful's app framework.