Update react-scripts to address immer alert (SCP-3893)

[eweitz]

This fixes a false-positive critical security vulnerability in immer. That was a dependency of an old version of react-scripts, which we use in development -- and not production. Nevertheless, the dependency can't easily be moved from dependencies to devDependencies. Details: facebook/create-react-app#10411.

I drafted a more comprehensive set of dependency updates, but those caused deeply cryptic problems. This is a minimal change that fixes the most-reportedly-severe error.

To test:

• Pull branch
• yarn install --force
• Restart rails s, verify no errors upon startup
• In another terminal, restart bin/webpack-dev-server, verify no errors upon startup
• In local SCP, navigate to a study that has visualizations
• Save a change to a JavaScript file, e.g. open ScatterPlot.js, add console.log('ok') atop RawScatterPlot
• In webpack-dev-server terminal, verify your change triggered a recompilation
• In local SCP, open DevTools console, verify "ok" was printed to console
• Revert change to ScatterPlot.js

This relates to SCP-3893.

[codecov]

Codecov Report

Merging #1273 (4e840f3) into development (8829e83) will increase coverage by 0.11%.
The diff coverage is n/a.

@@               Coverage Diff               @@
##           development    #1273      +/-   ##
===============================================
+ Coverage        68.90%   69.01%   +0.11%     
===============================================
  Files              241      242       +1     
  Lines            18816    18905      +89     
  Branches           952      954       +2     
===============================================
+ Hits             12965    13048      +83     
- Misses            5682     5688       +6     
  Partials           169      169              

Impacted Files	Coverage Δ
app/uploaders/branding_group_image_uploader.rb	58.82% <0.00%> (-35.30%)	⬇️
app/models/genome_assembly.rb	90.47% <0.00%> (-9.53%)	⬇️
app/lib/synthetic_branding_group_populator.rb	92.15% <0.00%> (-3.68%)	⬇️
app/lib/user_asset_service.rb	94.59% <0.00%> (-2.71%)	⬇️
...search/controls/download/DownloadSelectionTable.js	91.11% <0.00%> (-1.84%)	⬇️
app/models/study.rb	82.97% <0.00%> (-0.38%)	⬇️
app/models/search_facet.rb	97.99% <0.00%> (-0.34%)	⬇️
app/lib/azul_search_service.rb	94.17% <0.00%> (-0.12%)	⬇️
app/models/download_request.rb	100.00% <0.00%> (ø)
app/controllers/studies_controller.rb	21.78% <0.00%> (ø)
... and 11 more

[ehanna4]

Tested following the outlined steps and got the results expected.

[eweitz]

The SCP team investigated the build failure, and determined it was a false positive with some newly-introduced log noise.

[eweitz]

After merge, Dependabot decreased reported vulnerabilities from 11-12 to 9, but retained its basic alert about immer.

The previous alert had a clause that suggested updating to immer 8.0.1 (via updating react-scripts) would suffice, but the new message clarifies that’s not so.

As noted above, though, this vulnerability is a false positive. It's used only in development, and not production, and so there are no known vulnerabilities in our use case.