
feature/update npm libraries#325

Merged
John-Holt-Tessella merged 23 commits into pre-release/2022-R4.3-PHP-upgrade from feature/update-npm-libraries
Nov 23, 2022

Conversation

Contributor

@morybc morybc commented Aug 16, 2022

Various updates to remove vulnerabilities and build warnings from web client. This reduces the amount from:

80 vulnerabilities (1 low, 28 moderate, 46 high, 5 critical)
to:
23 vulnerabilities (1 low, 12 moderate, 10 high) (see end for full current list)

Note: I have tried to test things as best as possible but am not familiar with the full functionality of the client, so these updates should be properly tested locally before merging, please.

Commit details:

  • Changes after first npm audit fix
  • Further npm audit fix
  • Update uglymol version to remove 'three' issue
  • Update webpack-bundle-analyser to 4.5.0
  • Update 'three' to 0.143.0
  • Update webpack-dev-server to 4.10.0
  • Update optimize-css-assets-webpack-plugin to 6.0.1
  • Update copy-webpack-plugin to 6.4.1 and update webpack.config.js accordingly
  • Remove unused package: git-revision-webpack-plugin
  • Remove unused postcss-purgecss
  • Update dependencies to allow use of yarn run serve
  • Update backgrid packages to remove High vulnerability
  • Update vue and css-loader
  • Fix issue with color definition - remove unnecessary comma to remove error message
  • Fix various front end build errors
  • Remove CSS ordering warnings - these aren't actually causing an issue and are hard to cleanly resolve

Full current list of vulnerabilities (these were left as I wasn't confident of bumping up the required library/framework versions):

```
color-string <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - GHSA-257v-vj4p-3w2h
fix available via npm audit fix --force
Will install postcss-color-function@1.2.0, which is a breaking change
node_modules/color-string
color <=0.11.4
Depends on vulnerable versions of color-string
node_modules/color
css-color-function *
Depends on vulnerable versions of color
node_modules/css-color-function
postcss-color-function *
Depends on vulnerable versions of css-color-function
Depends on vulnerable versions of postcss
node_modules/postcss-color-function

glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install webpack@5.74.0, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack

highcharts <9.0.0
Severity: high
Options structure open to Cross-site Scripting if passed unfiltered - GHSA-8j65-4pcq-xq95
fix available via npm audit fix --force
Will install highcharts@10.2.0, which is a breaking change
node_modules/highcharts

jquery <=3.4.1
Severity: moderate
Cross-Site Scripting (XSS) in jquery - GHSA-rmxg-73gg-4p98
XSS in jQuery as used in Drupal, Backdrop CMS, and other products - GHSA-6c3j-c64m-qhgq
Potential XSS vulnerability in jQuery - GHSA-gxr4-xjj5-5px2
Potential XSS vulnerability in jQuery - GHSA-jpcq-cgw6-v4j6
fix available via npm audit fix --force
Will install jquery@3.6.0, which is a breaking change
node_modules/jquery
backbone.syphon <=0.6.3
Depends on vulnerable versions of jquery
node_modules/backbone.syphon

markdown *
Regular Expression Denial of Service in markdown - GHSA-wx77-rp39-c6vg
No fix available
node_modules/markdown

postcss <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - GHSA-566m-qj78-rww5
Regular Expression Denial of Service in postcss - GHSA-hwj9-h5mp-3pm3
fix available via npm audit fix --force
Will install tailwindcss@3.1.8, which is a breaking change
node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/postcss-color-function/node_modules/postcss
node_modules/postcss-functions/node_modules/postcss
node_modules/postcss-strip-inline-comments/node_modules/postcss
node_modules/purgecss/node_modules/postcss
@fullhuman/postcss-purgecss 2.0.3 - 3.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of purgecss
node_modules/@fullhuman/postcss-purgecss
tailwindcss 0.1.0 - 2.2.0-canary.16
Depends on vulnerable versions of @fullhuman/postcss-purgecss
Depends on vulnerable versions of postcss-functions
node_modules/tailwindcss
postcss-functions <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-functions
postcss-strip-inline-comments *
Depends on vulnerable versions of postcss
node_modules/postcss-strip-inline-comments
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss

underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - GHSA-cf4h-3jhx-xvhq
fix available via npm audit fix --force
Will install backbone.marionette@4.1.3, which is a breaking change
node_modules/underscore
backbone.babysitter 0.1.1 - 1.0.0-pre.2
Depends on vulnerable versions of underscore
node_modules/backbone.babysitter
backbone.marionette 1.6.3 - 4.0.0
Depends on vulnerable versions of underscore
node_modules/backbone.marionette
backbone.wreqr >=1.0.1
Depends on vulnerable versions of underscore
node_modules/backbone.wreqr

23 vulnerabilities (1 low, 12 moderate, 10 high)
```
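The triage the PR author did by hand (which of the remaining findings only have a breaking `--force` fix, which have no fix at all, and which are severe enough to need a maintainer's decision) can be reproduced from the plain-text report that `npm audit` prints. The script below is an added example, not code from this PR or from the project; it assumes the line layout of the `npm audit` text output exactly as quoted above, and its sample input is three groups copied from that listing. The severity threshold and the `needsReview` policy are the example's own choices.

```javascript
// Added example (not part of the PR): parse the plain-text report that
// `npm audit` prints, as quoted in the PR description, and work out which
// findings still need a human decision because the only fix is breaking
// or no fix exists.

const SEVERITY_RANK = { unknown: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Sample input: three groups copied from the PR's own listing (constructed
// subset; the real report has more groups and a trailing summary line).
const SAMPLE_REPORT = `
color-string <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - GHSA-257v-vj4p-3w2h
fix available via npm audit fix --force
Will install postcss-color-function@1.2.0, which is a breaking change
node_modules/color-string
color <=0.11.4
Depends on vulnerable versions of color-string
node_modules/color
css-color-function *
Depends on vulnerable versions of color
node_modules/css-color-function
postcss-color-function *
Depends on vulnerable versions of css-color-function
Depends on vulnerable versions of postcss
node_modules/postcss-color-function

markdown *
Regular Expression Denial of Service in markdown - GHSA-wx77-rp39-c6vg
No fix available
node_modules/markdown

underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - GHSA-cf4h-3jhx-xvhq
fix available via npm audit fix --force
Will install backbone.marionette@4.1.3, which is a breaking change
node_modules/underscore
backbone.babysitter 0.1.1 - 1.0.0-pre.2
Depends on vulnerable versions of underscore
node_modules/backbone.babysitter
backbone.marionette 1.6.3 - 4.0.0
Depends on vulnerable versions of underscore
node_modules/backbone.marionette
backbone.wreqr >=1.0.1
Depends on vulnerable versions of underscore
node_modules/backbone.wreqr
`;

// Each blank-line-separated group starts with "<package> <affected range>",
// then severity, advisory titles ending in a GHSA id, fix availability,
// install paths, and the dependents that pull the vulnerable package in.
function parseAuditText(text) {
  const groups = [];
  for (const block of text.trim().split(/\n\s*\n/)) {
    const lines = block.split('\n').map((l) => l.trim()).filter(Boolean);
    if (lines.length === 0 || /^\d+ vulnerabilit/.test(lines[0])) continue;
    const [name, ...rangeParts] = lines[0].split(/\s+/);
    const entry = {
      package: name, range: rangeParts.join(' '), severity: 'unknown',
      advisories: [], fixAvailable: false, breaking: false,
      willInstall: null, dependents: [],
    };
    let lastDependent = null;
    for (const line of lines.slice(1)) {
      let m;
      if ((m = line.match(/^Severity:\s*(\w+)/i))) {
        entry.severity = m[1].toLowerCase();
      } else if ((m = line.match(/(GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4})/i))) {
        entry.advisories.push(m[1]);
      } else if (/^No fix available/i.test(line)) {
        entry.fixAvailable = false;
      } else if (/^fix available/i.test(line)) {
        entry.fixAvailable = true;
      } else if ((m = line.match(/^Will install (\S+), which is a breaking change/i))) {
        entry.breaking = true;
        entry.willInstall = m[1];
      } else if ((m = line.match(/^Depends on vulnerable versions of (\S+)/i))) {
        if (lastDependent) lastDependent.dependsOn.push(m[1]);
      } else if (line.startsWith('node_modules/')) {
        // install path of the previous package; not needed for triage
      } else {
        const [dName, ...dRange] = line.split(/\s+/);
        lastDependent = { package: dName, range: dRange.join(' '), dependsOn: [] };
        entry.dependents.push(lastDependent);
      }
    }
    groups.push(entry);
  }
  return groups;
}

// Counts per severity plus how many findings are cleanly fixable, fixable
// only with a breaking upgrade, or not fixable at all.
function summarize(groups) {
  const bySeverity = {};
  let cleanFix = 0, breaking = 0, noFix = 0;
  for (const g of groups) {
    bySeverity[g.severity] = (bySeverity[g.severity] || 0) + 1;
    if (!g.fixAvailable) noFix += 1;
    else if (g.breaking) breaking += 1;
    else cleanFix += 1;
  }
  return { total: groups.length, bySeverity, cleanFix, breaking, noFix };
}

// Policy (example's own): findings at or above minSeverity whose only fix is
// breaking, or that have no fix, need a maintainer decision; worst first.
function needsReview(groups, minSeverity = 'high') {
  const floor = SEVERITY_RANK[minSeverity] ?? 0;
  return groups
    .filter((g) => (SEVERITY_RANK[g.severity] ?? 0) >= floor)
    .filter((g) => !g.fixAvailable || g.breaking)
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity])
    .map((g) => g.package);
}

if (typeof require !== 'undefined' && require.main === module) {
  const groups = parseAuditText(SAMPLE_REPORT);
  console.log(JSON.stringify(summarize(groups)));
  console.log('needs review (high+):', needsReview(groups, 'high'));
}
```

Feeding the full quoted report in instead of the sample reproduces the author's split: every remaining finding is either "no fix" (markdown) or only fixable through a breaking major upgrade, which is why they were deliberately left for the maintainers rather than resolved with `npm audit fix --force`. Note that the `markdown` group carries no `Severity:` line at all in the report, so it parses as `unknown` and drops out of a severity-thresholded gate; a real CI check should treat `unknown` as review-worthy rather than silently passing it.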

@morybc morybc requested a review from vonvick August 16, 2022 16:39
@morybc morybc requested review from JPHall-DLS and KarlLevik August 16, 2022 16:44
@morybc morybc changed the base branch from master to pre-release/2022-R4.3-PHP-upgrade October 4, 2022 15:41
@John-Holt-Tessella John-Holt-Tessella merged commit 612fb8d into pre-release/2022-R4.3-PHP-upgrade Nov 23, 2022
@John-Holt-Tessella John-Holt-Tessella deleted the feature/update-npm-libraries branch November 23, 2022 14:53

2 participants