chore: resolve vulnerable sub-dependencies

[radium-v]

Pull Request

📖 Description

Updates packages which have dependencies on the vulnerable colors NPM package:

• rollup-plugin-filesize from 8.0.2 to 9.1.2
• updates http-server from 0.12.1 to 14.1.0
• updates favicons from 6.1.0 to 6.2.2
• locks colors to 1.4.0 for karma in the resolutions field
• locks colors to 1.4.0 for favicons in the resolutions field

👩‍💻 Reviewer Notes

Some packages are still vulnerable:

• Karma pin colors to 1.4.0 karma-runner/karma#3740
• Favicons fix: pin [email protected] to fix security vuln itgalaxy/favicons#371

Packages which rely on a stricter version range and are less vulnerable:

• Certain Rushstack packages (resolve to unaffected ~1.2.1 range [all projects] Remove all dependencies on the "colors" NPM package rushstack#3147)
• cli-table3 (dependency of Storybook, resolves to lower ^1.1.2 range fix: Replace colors with chalk to fix infinite loop. cli-table/cli-table3#250)

📑 Test Plan

Our project does not use the colors package directly so everything should continue to behave as expected.

✅ Checklist

General

• I have included a change request file using $ yarn change
• I have added tests for my changes.
• I have tested my changes.
• I have updated the project documentation to reflect my changes.
• I have read the CONTRIBUTING documentation and followed the standards for this project.

[chrisdholt]

Thanks @radium-v!