build(deps-dev): [security] bump madge from 3.4.4 to 4.0.1

[dependabot-preview]

Bumps madge from 3.4.4 to 4.0.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Improper Neutralization of Special Elements used in a Command This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Affected versions: < 4.0.1

Changelog

Sourced from madge's changelog.

v4.0.1 (Mars 5, 2021)

• Fix potential command injection vulnerability

v4.0.0 (Jan 5, 2021)

• Upgrade core dependencies and require Node.js 10.13 (Thanks to @realityking)

v3.12.0 (Nov 2, 2020)

• Updated to dependency-tree@7.2.2 with support for mixing TypesScript and Javascript imports

v3.11.0 (Oct 1, 2020)

• Add support for combining --circular and --dot (Thanks to @SaeedZhiany)

v3.10.0 (Sep 14, 2020)

• Add support for combining --image and --circular option to get a graph with only circular dependencies (Thanks to @gaspardip)

v3.9.2 (June 16, 2020)

• Updated dependencies to resolve TypeScript issues

v3.9.1 (June 08, 2020)

• Improved performance when reading TypeScript config (Thanks to @FauxFaux)

v3.9.0 (May 07, 2020)

• Better support for TypeScript >=3.8 “import type” (Thanks to @eelco)

v3.8.0 (Mars 09, 2020)

• Added leaves option to show modules that do not have dependencies (Thanks to @avahe-kellenberger)

v3.7.0 (Jan 30, 2020)

• Support package.json config (Thanks to @zekth)

v3.6.0 (Nov 11, 2019)

• Added support for TypeScript with mixed import syntax (Thanks to @codemonkey800)

v3.5.1 (Nov 07, 2019)

• Added funding to package.json

v3.5.0 (Oct 28, 2019)

... (truncated)

Commits

• abae6d0 4.0.1
• da5cbc9 Fix potential command injection vulnerability
• c0600c4 4.0.0
• dfbd312 Merge pull request #269 from realityking/node-10
• 5ca410c Upgrade commander to version 6
• fe8a186 Upgrade core dependencies
• eee3dc0 Require Node.js 10.13
• e135916 3.12.0
• e4be868 Update README
• 0eaccb7 Bump dependency-tree to 7.2.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a major update to a development dependency.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[codecov]

Codecov Report

Merging #788 (9b83f47) into master (a61bc39) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##            master      #788   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           42        42           
  Lines          267       267           
  Branches        33        33           
=========================================
  Hits           267       267           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a61bc39...9b83f47. Read the comment docs.