Update cross-spawn to resolve CVE-2024-21538

What does this MR do and why?

Update cross-spawn npm package in both the main yarn.lock file and under storybook to resolve CVE-2024-21538

We are not vulnerable to this but it will resolve a couple of findings in the vulnerability report.

• https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/149225559
• https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/149225558

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

• https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/149225559
• https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/149225558
• https://npmdiff.dev/cross-spawn/6.0.5/6.0.6/
• https://npmdiff.dev/cross-spawn/7.0.3/7.0.6/

$ yarn why cross-spawn
yarn why v1.22.19
[1/4] Why do we have the module "cross-spawn"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "cross-spawn@7.0.6"
info Has been hoisted to "cross-spawn"
info Reasons this module exists
   - Hoisted from "webpack-cli#cross-spawn"
   - Hoisted from "eslint#cross-spawn"
   - Hoisted from "webpack-dev-server#default-gateway#execa#cross-spawn"
   - Hoisted from "tailwindcss#sucrase#glob#foreground-child#cross-spawn"
info Disk size without dependencies: "92KB"
info Disk size with unique dependencies: "156KB"
info Disk size with transitive dependencies: "216KB"
info Number of shared dependencies: 5
=> Found "patch-package#cross-spawn@6.0.6"
info This module exists because "patch-package" depends on it.
info Disk size without dependencies: "68KB"
info Disk size with unique dependencies: "436KB"
info Disk size with transitive dependencies: "496KB"
info Number of shared dependencies: 7
Done in 0.95s.

$ yarn why cross-spawn
yarn why v1.22.19
[1/4] Why do we have the module "cross-spawn"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "cross-spawn@6.0.6"
info Reasons this module exists
   - "@storybook#addon-essentials#@storybook#addon-docs#@jest#transform#jest-haste-map#sane#execa" depends on it
   - Hoisted from "@storybook#addon-essentials#@storybook#addon-docs#@jest#transform#jest-haste-map#sane#execa#cross-spawn"
info Disk size without dependencies: "152KB"
info Disk size with unique dependencies: "324KB"
info Disk size with transitive dependencies: "380KB"
info Number of shared dependencies: 7
=> Found "detect-package-manager#cross-spawn@7.0.6"
info Reasons this module exists
   - "@storybook#vue#@storybook#core#@storybook#core-server#@storybook#telemetry#detect-package-manager#execa" depends on it
   - Hoisted from "@storybook#vue#@storybook#core#@storybook#core-server#@storybook#telemetry#detect-package-manager#execa#cross-spawn"
info Disk size without dependencies: "60KB"
info Disk size with unique dependencies: "120KB"
info Disk size with transitive dependencies: "176KB"
info Number of shared dependencies: 5
Done in 0.71s.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A