department-of-veterans-affairs / va-mobile-library

https://department-of-veterans-affairs.github.io/va-mobile-library/
ISC License

DS - Clear out dependabot alerts #142

Closed timwright12 closed 4 months ago

timwright12 commented 5 months ago

Description

As a human(?), I want to clear out dependabot alerts in the repo, so that we can submit it to be turned public.

As part of this story we want to: Clear out all the alerts listed at: https://github.com/department-of-veterans-affairs/va-mobile-library/security/dependabot

Acceptance Criteria

Ticket Checklist

narin commented 5 months ago

Looked into each of the 5 security alerts mentioned and they are all related to dependencies that Storybook 6.5 uses. We cannot upgrade beyond 6.5 because it is the latest version of Storybook that supports React Native.

Last week there was an alpha release of @storybook/react-native that added compatibility with Storybook 7.6.10. Hopefully this means a stable release is coming soon.

These alerts may be considered low risk since we only use Storybook for our dev environment and do not package our Storybook code with our NPM package. I've listed the offending Storybook packages below:

narin commented 4 months ago

All dependabot alerts have been cleared aside from ip, which currently has no fix available. Closing out.
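
The dev-only reasoning in the thread above can be checked against a lockfile rather than taken on inspection. The following is an added example, not part of the original thread or the project's code; it assumes an npm package-lock.json (lockfileVersion 2 or 3), and the sample lockfile, versions and function names are constructed for illustration.

```javascript
// Constructed sample shaped like npm's package-lock.json (lockfileVersion 3).
// Package names appear in the thread; versions and layout are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-lib" },
    "node_modules/@storybook/react-native": { version: "0.0.0", dev: true },
    "node_modules/ip": { version: "0.0.0", dev: true },
    "node_modules/@storybook/react-native/node_modules/ip": { version: "0.0.0", dev: true },
    "node_modules/react": { version: "0.0.0", peer: true },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; null for the root entry.
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// npm sets dev: true only when an install is reachable solely through
// devDependencies. A package can be installed at several paths, so a single
// install without the flag makes the whole package count as runtime-reachable.
function classifyFlagged(lock, flaggedNames) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  const report = new Map(flaggedNames.map((n) => [n, { installs: [], verdict: "not-installed" }]));
  for (const [lockPath, meta] of Object.entries(lock.packages)) {
    const entry = report.get(packageName(lockPath));
    if (entry) entry.installs.push({ lockPath, devOnly: meta.dev === true });
  }
  for (const entry of report.values()) {
    if (entry.installs.length > 0) {
      entry.verdict = entry.installs.every((i) => i.devOnly) ? "dev-only" : "runtime-reachable";
    }
  }
  return report;
}

for (const [name, { verdict, installs }] of classifyFlagged(sampleLock, ["ip", "react"])) {
  console.log(`${name}: ${verdict} (${installs.length} install(s))`);
}
```

A "dev-only" verdict supports the low-risk assessment for consumers of the published package; it says nothing about exposure on developer machines or CI runners where devDependencies are installed.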