WIP: Resolve npm vulnerabilities (part 3 of 3)

[bsclifton]

Fixes brave/brave-browser#8722

• brave-browser (part 1 of fix)
  • attempted fix with brave/brave-browser#8724 (reverted)
  • proper fix with brave/brave-browser#8735
• sync library (part 2 of fix)
  • staging brave/sync#374
  • master brave/sync#375

Submitter Checklist:

• Submitted a ticket for my issue if one did not already exist.
• Used Github auto-closing keywords in the commit message.
• Added/updated tests for this change (for new code or code which already has tests).
• Verified that these changes build without errors on
  • Android
  • iOS
  • Linux
  • macOS
  • Windows
• Verified that these changes pass automated tests (unit, browser, security tests) on
  • iOS
  • Linux
  • macOS
  • Windows
• Verified that all lint errors/warnings are resolved (npm run lint)
• Ran git rebase master (if needed).
• Ran git rebase -i to squash commits (if needed).
• Tagged reviewers and labelled the pull request as needed.
• Request a security/privacy review as needed.
• Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone
• Public documentation has been updated as necessary. For instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protection-Mode
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-compatibility-issues-with-tracking-protection
  • https://github.com/brave/brave-browser/wiki/QA-Guide

Test Plan:

Reviewer Checklist:

• New files have MPL-2.0 license header.
• Request a security/privacy review as needed.
• Adequate test coverage exists to prevent regressions
• Verify test plan is specified in PR before merging to source

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on.
• All relevant documentation has been updated.

[bsclifton]

While this PR gets rid of dependency errors, the storybook commands don't seem to work properly with optional-dev-dependency ☹️

[bsclifton]

Huge props to @ryanml for recommending https://www.npmjs.com/package/npm-force-resolutions 😻

[bsclifton]

Almost ready for review - need to troubleshoot the travis-ci problem with npm run build-storybook

I believe @cezaraugusto is looking at this

[petemill]

This shouldn't be necessary. The npx command runs a binary in an npm repo (in this case the npm-force-resolutions). It should download the repo and run the necessary command on-demand. Brave itself doesn't need to have the dependency in its source tree as far as I can tell.

[bsclifton]

right - but preinstall is running npx npm-force-resolutions. If we don't add this, nothing would happen? 🤔

[bsclifton]

Closing - this approach caused problems when using with brave-core-crx-packager ☹️