quasarframework / quasar-testing

Testing Harness App Extensions for the Quasar Framework 2.0+
https://testing.quasar.dev
MIT License

Update `start-server-and-test` in package `e2e-cypress` #359

Status: Closed (lmm-git closed this 8 months ago)

lmm-git commented 8 months ago

start-server-and-test uses axios in a vulnerable version (^0.27.2) (see https://www.npmjs.com/advisories/1094889)

Full dependency tree: @quasar/quasar-app-extension-testing-e2e-cypress > start-server-and-test > wait-on > axios

In commit 2de1718de8265cf424861155712c820947456938 start-server-and-test got pinned to 2.0.0, which is using this exact vulnerable version. It got fixed in later versions (e.g. 2.0.3), but in version 2.0.1 they removed support for Node 14. Therefore I suspect the change to pin to 2.0.0 was done to still support Node 14.

I would open a PR with a fix, but I currently do not know how exactly. Do you want to discontinue support for Node 14 or pin the axios/wait-on version?
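The dependency chain above is the kind of thing `npm ls axios` shows, but it is easy to miss that a patched copy at the top level says nothing about a second, older copy nested under a transitive dependency. The script below is an added example, not code from the quasar-testing project or from this thread: it walks an `npm ls --json`-style tree, lists every path that resolves to a given package, and flags the paths whose resolved version falls inside an affected range. The sample tree (including the `wait-on` and extension versions) and the affected ranges are constructed for illustration; the real ranges must be copied from the advisory, and the `overrides` approach mentioned in the note is npm's mechanism, not something this thread settled on.

```python
"""Find every transitive path to a package in an `npm ls --json`-style
dependency tree and flag resolved versions inside affected ranges.

Example only: the tree and ranges below are constructed for illustration.
Produce a real tree with `npm ls --all --json` and take the ranges from
the advisory you are assessing.
"""
import json
import re
from typing import Iterator, List, Sequence, Tuple


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple (suffixes ignored)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def in_range(version: str, ranges: Sequence[Tuple[str, str]]) -> bool:
    """True when version is in any [lo, hi) range (hi is the fixed version)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def find_paths(node: dict, target: str, path: Tuple[str, ...] = ()
               ) -> Iterator[Tuple[Tuple[str, ...], str]]:
    """Yield (path, resolved_version) for every occurrence of target."""
    here = path + (node.get("name", "<root>"),)
    if node.get("name") == target:
        yield here, node.get("version", "")
    # `npm ls --json` keys children by name; copy the name into the child.
    for name, child in (node.get("dependencies") or {}).items():
        yield from find_paths({"name": name, **child}, target, here)


def vulnerable_paths(tree: dict, target: str,
                     ranges: Sequence[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return ('a > b > target', version) for every affected occurrence."""
    return [(" > ".join(p), v) for p, v in find_paths(tree, target)
            if v and in_range(v, ranges)]


# Constructed sample mirroring the chain reported in the issue. The
# extension and wait-on versions are placeholders, not values from the page.
SAMPLE_TREE = {
    "name": "my-app",
    "version": "1.0.0",
    "dependencies": {
        "@quasar/quasar-app-extension-testing-e2e-cypress": {
            "version": "0.0.0-placeholder",
            "dependencies": {
                "start-server-and-test": {
                    "version": "2.0.0",
                    "dependencies": {
                        "wait-on": {
                            "version": "0.0.0-placeholder",
                            "dependencies": {"axios": {"version": "0.27.2"}},
                        }
                    },
                }
            },
        },
        # A patched top-level copy: it must NOT mask the nested one.
        "axios": {"version": "1.6.0"},
    },
}

# Assumed affected ranges for the example (lo inclusive, hi = fixed version,
# exclusive). Verify against the advisory before relying on them.
ASSUMED_RANGES = [("0.8.1", "0.28.0"), ("1.0.0", "1.6.0")]


if __name__ == "__main__":
    for path, version in vulnerable_paths(SAMPLE_TREE, "axios", ASSUMED_RANGES):
        print(f"affected: {path} @ {version}")
    print(json.dumps(SAMPLE_TREE["dependencies"]["axios"]))
```

Running it against a real `npm ls --all --json` dump shows each affected path separately, which is what decides whether pinning a single intermediate package is enough. If dropping Node 14 is not an option yet, npm's `overrides` field in package.json can force the nested `axios` (or `wait-on`) to a patched version without changing the `start-server-and-test` pin; re-run the check afterwards to confirm no affected path remains.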

IlCallo commented 8 months ago

In that exact commit I also added the explanation to why I pinned the version, some lines above: https://github.com/quasarframework/quasar-testing/blob/cc3b4377385433448c03c06217d08c1085f04271/packages/e2e-cypress/package.json#L35

A vulnerability of that kind, in a package that's used in a controlled environment such as the one used for automated testing with Cypress, isn't that much of a concern. We'll bump the dep version in the next major version of Cypress AE, when we drop support for Node 14.