Audit dependencies and clean up dependency tree

[rumkin]

This PR fixes #952 issue to remove vulnerable dependencies from EthereumJS libraries.

TODOLIST

@ethereumjs/block

	Found	Fixed
deps	0	0
dev-deps	0	0

@ethereumjs/blockchain

	Found	Fixed
deps	0	0
dev-deps	0	0

@ethereumjs/common

	Found	Fixed
deps	0	0
dev-deps	0	0

@ethereumjs/ethash

	Found	Fixed
deps	0	0
dev-deps	0	0

@ethereumjs/tx

	Found	Fixed
deps	0	0
dev-deps	9	9

• Removed redundant contributor package. Reason: dependency is not in use.

@ethereumjs/vm

	Found	Fixed
deps	0	0
dev-deps	144	0

[codecov]

Codecov Report

Merging #955 (f59e9c5) into master (81fc88b) will decrease coverage by 0.07%.
The diff coverage is n/a.

Flag	Coverage Δ
block	77.41% <ø> (ø)
blockchain	77.39% <ø> (ø)
common	91.87% <ø> (-0.25%)	⬇️
ethash	82.08% <ø> (ø)
tx	86.04% <ø> (ø)
vm	87.21% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[holgerd77]

@rumkin This looks like a great start on this, cool! 👍

Two notes:

1. There is the wrong issue linked in the initial comment
2. @herumi was superquick on Move nyc from dependencies to devDependencies herumi/mcl-wasm#17 (thanks a thousand times for that 😄 😄 ) and already released versions v0.6.0, v0.7.0 and v0.7.1 (this should be it now I hope) 😄 on the mcl-wasm package without the nyc dependency so you can directly take this in here once you are comfortable that other things are working

[rumkin]

@holgerd77 Thanks for reviewing it so quickly!

1. Wrong linked issue fixed.
2. I've tested this with mcl-wasm v0.7.0. Now I've updated this to 0.7.1. So npm audit made with fixed dependencies records in mcl-wasm. I'll commit the latest version of the lib in this PR.

[holgerd77]

Short informational note: I've just merged #953 from @evertonfraga which is bringing the ethereumjs-testing dependency (respectively mainly the ethereum/tests git submodule) into the monorepo. In case if you haven't followed this, if you want to update/rebase your branch on this you need to run:

cd ethereumjs-vm
npm run bootstrap
git submodule init
git submodule update (takes a while since several 100MB of package size)

[rumkin]

Rebased changes from #953 through master branch.

[holgerd77]

@rumkin have given this a "WIP" label, please change to "PR: Ready for review" label once you consider this ready and - important - also drop a note here, since this label change - won't trigger a separate notification by GitHub.

[rumkin]

@holgerd77 Done. It's ready now. I think someone need to reproduce audit independently. I've described actions to be made in the comment to original issue.

[holgerd77]

LGTM, can confirm the vulnerabilities on the VM going to 0 on a packaged install, thanks Paul!