fix: Remove CVE-2024-37890 vulnerability by updating the ws package

[sw-joelmut]

Addresses #4684
#minor

Description

This PR updates the version of the ws package from 7.1.2 to 7.5.10 to fix the CVE-2024-37890 vulnerability.
Along the way, to address this ws package issue for the browser-functional/browser-echo project, we have updated all webpack related packages to the latest supported node 16 version, fixing the following vulnerabilities.

• ansi-html https://github.com/microsoft/botbuilder-js/security/dependabot/171 - CVE-2021-23424
• braces https://github.com/microsoft/botbuilder-js/security/dependabot/358 - CVE-2024-4068
• dns-packet https://github.com/microsoft/botbuilder-js/security/dependabot/83 - CVE-2021-23386
• elliptic https://github.com/microsoft/botbuilder-js/security/dependabot/71 - CVE-2020-28498
• glob-parent https://github.com/microsoft/botbuilder-js/security/dependabot/84 - CVE-2020-28469
• ini https://github.com/microsoft/botbuilder-js/security/dependabot/70 - CVE-2020-7788
• ip https://github.com/microsoft/botbuilder-js/security/dependabot/349 - CVE-2024-29415
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/91 - GHSA-gf8q-jrpm-jvxq
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/92 - GHSA-5rrq-pxf6-6jx5
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/95 - CVE-2022-0122
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/181 - CVE-2022-24771
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/183 - CVE-2022-24772
• node-forge https://github.com/microsoft/botbuilder-js/security/dependabot/185 - CVE-2022-24773
• ssri https://github.com/microsoft/botbuilder-js/security/dependabot/79 - CVE-2021-27290
• webpack-dev-middleware https://github.com/microsoft/botbuilder-js/security/dependabot/338 - CVE-2024-29180
• ws https://github.com/microsoft/botbuilder-js/security/dependabot/85 - CVE-2021-32640
• y18n https://github.com/microsoft/botbuilder-js/security/dependabot/72 - CVE-2020-7774

Specific Changes

• Updated ws from 7.1.2 to 7.5.10.
• Updated webpack, webpack-dev-server and webpack-cli to latest version of each that support node 16.
• Updated webpack plugins to latest versions.
• Updated webpack config based on the new version.

Testing

The following images show the ws package updated version, the reduction of vulnerable packages, and the browser-functional/browser-echo working.

[coveralls]

Pull Request Test Coverage Report for Build 9587628438

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.4%) to 84.075%

---

Totals
Change from base Build 9568802742:	-0.4%
Covered Lines:	20343
Relevant Lines:	22900

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build 9587628438

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 84.431%

---

Totals
Change from base Build 9568802742:	0.0%
Covered Lines:	20425
Relevant Lines:	22900

---

💛 - Coveralls