Update yargs version to avoid CVE-2021-3807

[yairkukielkazunzunegui]

Problem description

snyk scans are reporting that @grpc/grpc-js@1.8.14 is vulnerable to CVE-2021-3807 because of its dependency to yargs@16.2.0. Please update yargs version to > yargs@17.2.1 so this gets fixed.

Reproduction steps

I ran locally the command snyk test
This is the chain of dependnecies that snyk reported

@grpc/grpc-js@1.8.14 > @grpc/proto-loader@0.7.6 > yargs@16.2.0 > string-width@4.2.2 > strip-ansi@6.0.0 > ansi-regex@5.0.0

This issue was fixed in versions of ansi-regex: 3.0.1, 4.1.1, 5.0.1, 6.0.1
So updating yargs to > yargs@17.2.1 would fix this issue.

Environment

• Package name and version @grpc/grpc-js@1.8.14 and @grpc/proto-loader@0.7.6

Additional context

Snyk is reporting https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

[murgatroid99]

I published @grpc/proto-loader version 0.7.7 with an updated dependency on yargs.