Upgrade yargs to fix vulnerability issue

[jjloneman]

• https://snyk.io/test/npm/webpack-dev-server/3.11.0
• Upgrade yargs peer dependency to v16 to remediate prototype pollution vulnerability issue #2854

• This is a bugfix
• This is a feature
• This is a code refactor
• This is a test update
• This is a docs update
• This is a metadata update

For Bugs and Features; did you add new tests?

Yes. Added test in cli.test.js to demonstrate that updated yargs module properly displays usage statement.

Additionally, the existing tests which pass command-line options to the webpack-dev-server cli in cli.test.js pass which prove that the updated yargs module functions as expected.

Motivation / Use-Case

Fix prototype pollution vulnerability issue in yargs.

See #2854.

Breaking Changes

No breaking changes.

Additional Info

N/A

[alexander-akait]

Breaking change and we can't update it

[codecov]

Codecov Report

Merging #2855 (fb07201) into master (4ab1f21) will decrease coverage by 0.22%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2855      +/-   ##
==========================================
- Coverage   93.77%   93.54%   -0.23%     
==========================================
  Files          34       34              
  Lines        1333     1333              
  Branches      381      381              
==========================================
- Hits         1250     1247       -3     
- Misses         81       84       +3     
  Partials        2        2              

Impacted Files	Coverage Δ
lib/utils/updateCompiler.js	97.14% <0.00%> (-2.86%)	⬇️
lib/Server.js	96.36% <0.00%> (-0.43%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4ab1f21...fb07201. Read the comment docs.

[jjloneman]

Just realized that npm install automatically changed this line for me. Running webpack-dev-server as a binary still functions the same (no breaking changes - https://docs.npmjs.com/cli/v6/configuring-npm/package-json#bin).

I can revert this line if desired.

[jjloneman]

Breaking change and we can't update it

@evilebottnawi Is there a reason why it can't be updated?

[alexander-akait]

Because

webpack-dev-server/package.json

Line 16 in 00ca2a4

"node": ">= 6.11.5"

[jjloneman]

@evilebottnawi Ah, makes sense. I'll open an issue in yargs to see if they can make a patch fix for y18n v4 for node
6 then, then I'll update my PR with the fixed compatible version if they update it.

[alexander-akait]

Thanks for the PR, fixed in master, today we will release webpack-dev-server@4-beta.0 (I will do stable release on the next week), anyway it is always should be very stable (we just move some options in other places)