chore(deps): switched from request to @theia/request

[kittaakos]

What it does

This PR replaces request with @theia/request to eliminate all dependency vulnerabilities detected by yarn audit.

% yarn audit
yarn audit v1.22.18
0 vulnerabilities found - Packages audited: 1912
✨  Done in 1.35s.

How to test

• CI should pass, and
• yarn audit should produce the 0 vulnerabilities found result

Closes #12401

Review checklist

• As an author, I have thoroughly tested my changes and carefully followed the review guidelines

Reminder for reviewers

I have no idea how to test/verify the HTTP and GitHub plugin resolvers 😕

• As a reviewer, I agree to behave in accordance with the review guidelines

[kittaakos]

Can somebody please advise what to do to fix the license check? Thank you!

X npm/npmjs/-/nwsapi/2.2.4, 
ERROR: Found results that aren't part of the baseline!
X npm/npmjs/@types/jsdom/21.1.1, 

[kittaakos]

I have made the requested changes and downgraded to jsdom@17. The 3pp check still fails with the following error:

ERROR: Found results that aren't part of the baseline!
X npm/npmjs/-/nwsapi/2.2.4, 

nwsapi has MIT license. What's the procedure to pass the 3pp check? Thanks!

[paul-marechal]

yarn audit no longer warns about vulnerabilities.

[paul-marechal]

@kittaakos there's not much you can do about new dependencies that cause dash-license to fail but @vince-fugnitto ran the tool in auto-review mode on your PR to make the check go green.

[kittaakos]

@kittaakos there's not much you can do about new dependencies that cause dash-license to fail but @vince-fugnitto ran the tool in auto-review mode on your PR to make the check go green.

If the PR does not require a CQ, I would bump jsdom to 22+ instead of 17. Let me know what you think. Thanks!

[vince-fugnitto]

If the PR does not require a CQ, I would bump jsdom to 22+ instead of 17. Let me know what you think. Thanks!

@kittaakos I'm fine with bumping to the latest if it works well, I'll perform a dash-licenses review as necessary.

[kittaakos]

I'm fine with bumping to the latest if it works well, I'll perform a dash-licenses review as necessary.

I bump to the latest jsdom and push it. The tests pass. I push the changes in a few minutes. Thanks!

[kittaakos]

I bump to the latest jsdom and push it.

It's done.

[vince-fugnitto]

• npm/npmjs/-/entities/4.5.0 IP check

[paul-marechal]

I wanted to merge but GH tells me there are conflicts? Can you look into it? I'll merge then.

[kittaakos]

Can you look into it? I'll merge then.

Thanks! I rebased the PR from the master branch and pushed the changes. I had to force-push it 😕

[msujew]

@kittaakos The branch is out of date, so we can't merge it. Can you allow edits to your PR from collaborators, so that we can rebase the branch ourselves before merging?

[kittaakos]

Can you allow edits to your PR from collaborators

Done. Thanks for taking care of it. Great support from all of you 👏