Upgrade acorn to avoid yarn/npm audit warnings

[mulholo]

Issue description

Webpack bundle analyzer currently depends upon v6.0.7 in package.json https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/package.json#L36. The version range of acorn listed here is susceptible to the following vulnerability found via NPM: https://www.npmjs.com/advisories/1488. Acorn should be upgraded to at least v7.1.1

Technical info

• Webpack Bundle Analyzer version: latest (3.6.0)

[valscion]

Thanks for the issue. As webpack-bundle-analyzer is a development-only tool, a denial of service security vulnerability is not relevant for us.

However, I do understand that it's annoying to see an audit warning. I wonder if there's anything stopping us from upgrading? Last time the upgrade wasn't that big a deal: #248

Would be interesting to see what the CI says when acorn is bumped to ^7.1.1. We should also look at if the supported Node versions change because of the dependency upgrade.

PR would be welcome ☺️

[mulholo]

PR would be welcome ☺️

:) Will do. Currently, trying to check the 5 or so dependencies that this affects for us and then will come back to see what I can do to fix ourselves. Thanks for speedy response.

[mulholo]

(Draft) PR here: #338