Strip ansi color codes and do not use bypass HTML function

[floreks]

• Applied npm audit fix
• Slight refactoring of log component
• Removed ansi-to-html and added strip-ansi instead
• Removed usage of bypassSecurityTrustHtml
• Fixed potential issue with not escaping some of the HTML codes properly. Replace was not done globally and in some cases, it was possible to display i.e. a clickable link inside logs.

Since every log line was first sanitized before applying ANSI to HTML conversion, I do not think there was a potential XSS vulnerability. The converter itself would have to be compromised in order to append insecure code. In order to prevent that logs will be further stripped from ANSI codes.

Example

[codecov]

Codecov Report

Merging #5737 (97bc9ad) into master (7cfdb00) will increase coverage by 0.04%.
The diff coverage is 42.85%.

@@            Coverage Diff             @@
##           master    #5737      +/-   ##
==========================================
+ Coverage   44.34%   44.38%   +0.04%     
==========================================
  Files         214      214              
  Lines        9126     9117       -9     
  Branches      113      112       -1     
==========================================
  Hits         4047     4047              
+ Misses       4804     4796       -8     
+ Partials      275      274       -1     

Impacted Files	Coverage Δ
src/app/frontend/common/pipes/safehtml.ts	58.33% <42.85%> (+15.47%)	⬆️
src/app/frontend/login/component.ts	76.74% <0.00%> (+1.16%)	⬆️
...p/backend/integration/metric/common/aggregation.go	90.00% <0.00%> (+2.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7cfdb00...97bc9ad. Read the comment docs.

[maciaszczykm]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: floreks, maciaszczykm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [floreks,maciaszczykm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[MichaelJCole]

Hurray! Thanks! Go Team!

[MattJeanes]

Does this change mean that colours are no longer supported in the logs view?

[floreks]

@MattJeanes correct. They are stripped from the logs to not impact readability.

[MattJeanes]

A shame, but understandable given the security concern - thanks for letting me know, not sure if that would be worth a mention in the v2.2.0 release notes?