task/WG-215: addressing postcss vulnerability #201

Closed
Conversation


@tjgrafft tjgrafft commented Jan 29, 2024

Overview:

Addressing postcss vulnerability issues by updating packages and changing dependencies of those packages.
Previously there were 3 moderate vulnerabilities related to the tacc-core-styles package.

PR Status:

  • Ready.
  • Work in Progress.
  • Hold.

Related Jira tickets:

Summary of Changes:

  • Updated tacc-core-styles package to version 2.23.1
  • Updated the package-lock file, specifically postcss and postcss-extend (which were causing the issues, as they were nested dependencies of tacc-core-styles), to have dependencies of newer postcss versions. Previously postcss-extend was compatible with version 5 of postcss. I need to test the application to make sure using postcss ^8.4.18 with postcss-extend doesn't cause any side effects.

Testing Steps:

UI Photos:

Notes:

TO-DO: Running the 'npm ci' command works for the updated package-lock file. However, running the 'npm install' command will overwrite these changes because postcss-extend's individual package.json file has postcss version ^5.0.4 as its dependency range; therefore npm will overwrite postcss's package-lock contents (and the vulnerabilities will return). (postcss-extend is a nested dependency of the postcss and tacc-core-styles packages.) Looking for an alternate solution for a long-term fix.

Note: CEP is using tacc-core-styles: ^2.11.0 for their versioning. They're also using the postcss-extend-rule package instead of postcss-extend. Will look into this further as an option.
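The failure mode described in the TO-DO above (a hand-edited package-lock silently re-resolving to a nested postcss 5.x on the next `npm install`) is easy to catch in CI if you check the lockfile itself rather than trusting `npm audit` to run. The following is an added example, not code from this PR or from the tacc-core-styles or postcss projects: it walks a lockfileVersion 2/3 `packages` map, reports every nested copy of postcss whose major version is below 8, and emits the package.json `overrides` block (supported by npm 8.3 and later) that pins the nested copy on every install instead of only in the lock. The embedded lockfile fragment is constructed for the example; the `8.4.18` and `^5.0.4` values come from the PR text, the postcss-extend version is a placeholder, and the `report` and `overridesFor` helpers are this example's own names.

```javascript
// Added example: detect a downgraded nested postcss copy in an npm lockfile
// (lockfileVersion 2/3 "packages" map) and build the matching "overrides".

// Constructed lockfile fragment, shaped like npm's lockfileVersion 3 output.
// 8.4.18 and ^5.0.4 are the values from the PR; other versions are placeholders.
const SAMPLE_LOCK = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { "tacc-core-styles": "^2.23.1" } },
    "node_modules/postcss": { version: "8.4.18" },
    "node_modules/tacc-core-styles": {
      version: "2.23.1",
      dependencies: { "postcss-extend": "*" }, // constructed range
    },
    "node_modules/tacc-core-styles/node_modules/postcss-extend": {
      version: "1.0.0", // constructed placeholder version
      dependencies: { postcss: "^5.0.4" },
    },
    // The nested copy that `npm install` re-creates from postcss-extend's range.
    "node_modules/tacc-core-styles/node_modules/postcss-extend/node_modules/postcss": {
      version: "5.0.4",
    },
  },
};

// Package name is everything after the last "node_modules/" segment,
// so scoped packages ("@scope/name") are handled as well.
function packageName(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? lockPath : lockPath.slice(idx + "node_modules/".length);
}

// The package that owns the nested node_modules directory, or "" for the root.
function parentOf(lockPath) {
  const idx = lockPath.lastIndexOf("/node_modules/");
  return idx === -1 ? "" : packageName(lockPath.slice(0, idx));
}

// Leading major version as a number; NaN if the version string is unparseable.
function majorOf(version) {
  const m = /^(\d+)\./.exec(version);
  return m ? Number(m[1]) : NaN;
}

// Every installed copy of `name` whose major version is below `minMajor`.
function findDowngradedCopies(lock, name, minMajor) {
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "" || !entry.version) continue; // skip the root project
    if (packageName(lockPath) !== name) continue;
    const major = majorOf(entry.version);
    if (Number.isNaN(major) || major < minMajor) {
      hits.push({ path: lockPath, version: entry.version, requiredBy: parentOf(lockPath) });
    }
  }
  return hits;
}

// package.json "overrides" that pins `name` to `range` under each offending parent.
// Unlike a hand-edited lock, npm re-applies overrides on every `npm install`.
function overridesFor(hits, name, range) {
  const overrides = {};
  for (const h of hits) {
    if (h.requiredBy) overrides[h.requiredBy] = { [name]: range };
  }
  return overrides;
}

// One call that a CI step can run against a real package-lock.json.
function report(lock, name = "postcss", minMajor = 8, range = "^8.4.18") {
  const hits = findDowngradedCopies(lock, name, minMajor);
  return { hits, overrides: overridesFor(hits, name, range) };
}

console.log(JSON.stringify(report(SAMPLE_LOCK), null, 2));
```

Against the constructed lock this reports the single nested `postcss@5.0.4` under `postcss-extend` and proposes `"overrides": { "postcss-extend": { "postcss": "^8.4.18" } }`. Whether postcss-extend actually works against postcss 8 is the compatibility question the PR author says still needs testing; the override only guarantees that the downgrade cannot silently come back.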

@tjgrafft tjgrafft closed this Feb 8, 2024