
fix: update package-lock for high severity items #616

Merged: 4 commits, May 15, 2024
Conversation

shazron (Member) commented May 14, 2024

fixes #617

Description

Only moderate items remain:

$ npm audit
# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @adobe/aio-cli-plugin-app@9.2.0, which is a breaking change
node_modules/axios
  @adobe/aio-lib-console-project-installation  *
  Depends on vulnerable versions of axios
  node_modules/@adobe/aio-lib-console-project-installation
  @adobe/aio-lib-templates  *
  Depends on vulnerable versions of axios
  node_modules/@adobe/aio-lib-templates
    @adobe/aio-cli-plugin-app  9.2.0-pre.2022-09-27.805ee90c || >=10.0.0
    Depends on vulnerable versions of @adobe/aio-lib-templates
    node_modules/@adobe/aio-cli-plugin-app
    @adobe/aio-cli-plugin-app-templates  *
    Depends on vulnerable versions of @adobe/aio-lib-console-project-installation
    Depends on vulnerable versions of @adobe/aio-lib-templates
    node_modules/@adobe/aio-cli-plugin-app-templates

5 moderate severity vulnerabilities

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
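Added example (not code from the PR or the project): a small Node script that reads an `npm audit --json` report shaped like the output above and applies a severity gate, so high and critical findings fail CI while moderate ones, like the remaining axios advisory, are reported along with whether their only available fix is a breaking (semver-major) bump. The report object is a constructed sample modelled on the quoted output, and the `findingsAtOrAbove` and `auditGate` names are mine.

```javascript
// Added example (not the PR's code): gate CI on `npm audit --json` output by severity
// and flag findings whose only fix is a semver-major (breaking) bump, as in the PR.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample in the npm 7+ `npm audit --json` shape (auditReportVersion 2),
// modelled on the axios advisory quoted in the PR description.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      name: 'axios', severity: 'moderate', range: '0.8.1 - 0.27.2',
      via: [{ title: 'Axios Cross-Site Request Forgery Vulnerability', severity: 'moderate',
              url: 'https://github.com/advisories/GHSA-wf5p-g6vw-rhxx', range: '0.8.1 - 0.27.2' }],
      // Only fix is a major bump of a dependant: `npm audit fix` without --force cannot apply it.
      fixAvailable: { name: '@adobe/aio-cli-plugin-app', version: '9.2.0', isSemVerMajor: true },
    },
    '@adobe/aio-lib-templates': {
      name: '@adobe/aio-lib-templates', severity: 'moderate', range: '*',
      via: ['axios'], // transitive: vulnerable only through axios, no advisory of its own
      fixAvailable: { name: '@adobe/aio-cli-plugin-app', version: '9.2.0', isSemVerMajor: true },
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 2, high: 0, critical: 0, total: 2 } },
};

// Findings at or above `minSeverity`. With `rootCauseOnly`, keep only entries whose
// `via` carries an advisory object; transitive entries (`via` of package-name strings)
// are dropped so each advisory is counted once instead of once per dependant.
function findingsAtOrAbove(report, minSeverity, rootCauseOnly = true) {
  const min = SEVERITY_RANK[minSeverity];
  return Object.values(report.vulnerabilities)
    .filter((v) => SEVERITY_RANK[v.severity] >= min)
    .filter((v) => !rootCauseOnly || v.via.some((x) => typeof x === 'object'))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      fixAvailable: v.fixAvailable !== false,
      breakingFixOnly: typeof v.fixAvailable === 'object' && v.fixAvailable.isSemVerMajor === true,
    }));
}

// CI decision: fail only when a root-cause finding at/above `failAt` remains; lower
// severities are reported for tracking (the PR merged with moderate items still open).
function auditGate(report, failAt = 'high') {
  const all = findingsAtOrAbove(report, 'info');
  const blocking = all.filter((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[failAt]);
  const remaining = all.filter((f) => SEVERITY_RANK[f.severity] < SEVERITY_RANK[failAt]);
  return { pass: blocking.length === 0, blocking, remaining };
}
```

On a real tree, feed it `JSON.parse` of the `npm audit --json` output instead of `SAMPLE_REPORT`; `remaining` entries with `breakingFixOnly` are the ones that need a deliberate major upgrade rather than a plain `npm audit fix`.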

shazron (Member, Author) commented May 14, 2024

⚠️

  1. npm run gen-health fails (all). FIXED
  2. npm run postpack fails (Windows, rm does not exist). FIXED
  3. npm run unlink fails (Windows, rm does not exist). Defer to new issue, may be irrelevant. See "npm scripts are not cross-platform" #618
  4. npm run link fails (are we doing linking on Windows?). Defer to new issue, may be irrelevant. See "npm scripts are not cross-platform" #618

shazron (Member, Author) commented May 14, 2024

codecov needs to be updated to v4, using the codecov token:

    - name: upload coverage
      if: success()
      uses: codecov/codecov-action@v4
      with:
        name: ${{ runner.os }} node.js ${{ matrix.node-version }}
        token: ${{ secrets.CODECOV_TOKEN }}
        fail_ci_if_error: false

updated

@shazron mentioned this pull request May 14, 2024

codecov bot commented May 14, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (91824d7) to head (3c5a06c).
Report is 1 commit behind head on master.

@@            Coverage Diff            @@
##            master      #616   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          238       238           
  Branches        47        47           
=========================================
  Hits           238       238           


@shazron shazron merged commit 57e9984 into master May 15, 2024
8 checks passed
@shazron shazron deleted the fix-npm-audit branch May 15, 2024 13:38
Successfully merging this pull request may close these issues.

fix npm audit issues