Suppress CWE-400 for node-sass:4.13.1

[ccaominh]

Description

The vulnerability is fixed in 4.13.1: sass/node-sass#2816 (comment)

But the dependency check plugin thinks its still broken as the affected/fixed versions has not been updated yet on Sonatype OSS Index: https://ossindex.sonatype.org/vuln/c97f4ae7-be1f-4f71-b238-7c095b126e74

---

This PR has:

• been self-reviewed.
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.

[codecov-io]

Codecov Report

Merging #9517 into master will increase coverage by 0.92%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #9517      +/-   ##
============================================
+ Coverage     63.58%   64.51%   +0.92%     
  Complexity    23569    23569              
============================================
  Files          3054     2936     -118     
  Lines        126200   119976    -6224     
  Branches      17453    16070    -1383     
============================================
- Hits          80249    77404    -2845     
+ Misses        38754    35592    -3162     
+ Partials       7197     6980     -217

Impacted Files	Coverage Δ	Complexity Δ
...tions/spatial/split/LinearGutmanSplitStrategy.java	91.89% <0%> (-8.11%)	9% <0%> (-1%)
.../apache/druid/client/BatchServerInventoryView.java	80.76% <0%> (-5.77%)	10% <0%> (-1%)
...main/java/org/apache/druid/client/DruidServer.java	74.68% <0%> (-2.54%)	33% <0%> (-1%)
...e/druid/concurrent/ConcurrentAwaitableCounter.java	67.5% <0%> (-2.5%)	11% <0%> (-1%)
...druid/server/coordinator/CuratorLoadQueuePeon.java	76.71% <0%> (-2.06%)	21% <0%> (-1%)
...uid/curator/inventory/CuratorInventoryManager.java	65.68% <0%> (-1.97%)	9% <0%> (ø)
.../druid/indexing/kinesis/KinesisRecordSupplier.java	54.43% <0%> (-1.59%)	33% <0%> (ø)
...egment/loading/SegmentLoaderLocalCacheManager.java	85.92% <0%> (-1.49%)	32% <0%> (-1%)
...uid/client/AbstractCuratorServerInventoryView.java	55.55% <0%> (-1.02%)	16% <0%> (ø)
.../druid/java/util/emitter/core/HttpPostEmitter.java	76.76% <0%> (-0.76%)	45% <0%> (ø)
... and 124 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6afd55c...c1abaa3. Read the comment docs.

[ccaominh]

I'm not sure why codecov is commenting on PRs since that should be disabled: https://github.com/apache/druid/blob/master/.codecov.yml#L24

Clearly the coverage report is inaccurate since this PR did not change any source code.

[clintropolis]

thanks for fixing; I think we need to come up with a process to periodically review these suppressions, though I have no idea what that looks like