
[4.4] Update node_modules cross-spawn and nanoid #44622

Open · wants to merge 1 commit into base branch 4.4-dev
Conversation

richard67
Member

Pull Request for Issue # .

Summary of Changes

This pull request (PR) updates the 2 NPM dependencies "cross-spawn" and "nanoid".

This fixes 2 security vulnerabilities reported by npm audit, 1 high severity for "cross-spawn" and 1 low severity for "nanoid".

As we do not ship the node_modules with our installation or update packages, these vulnerabilities do not affect Joomla end users but only development environments.

This PR can be merged at any time just before the next 4.4.10 security release.

Testing Instructions

npm audit

Actual result BEFORE applying this Pull Request

# npm audit report

cross-spawn  7.0.0 - 7.0.4
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/cross-spawn

nanoid  <3.3.8
Infinite loop in nanoid - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix`
node_modules/nanoid

tinymce  <=6.8.5
Severity: moderate
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes - https://github.com/advisories/GHSA-438c-3975-5x3f
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements - https://github.com/advisories/GHSA-5359-pvf2-pw78
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option - https://github.com/advisories/GHSA-9hcv-j9pv-qmph
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements - https://github.com/advisories/GHSA-w9jx-4g6g-rp7x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/tinymce

3 vulnerabilities (1 low, 1 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Expected result AFTER applying this Pull Request

# npm audit report

tinymce  <=6.8.5
Severity: moderate
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes - https://github.com/advisories/GHSA-438c-3975-5x3f
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements - https://github.com/advisories/GHSA-5359-pvf2-pw78
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option - https://github.com/advisories/GHSA-9hcv-j9pv-qmph
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements - https://github.com/advisories/GHSA-w9jx-4g6g-rp7x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/tinymce

1 moderate severity vulnerability

To address all issues (including breaking changes), run:
  npm audit fix --force

Link to documentations

Please select:

  • Documentation link for docs.joomla.org:

  • No documentation changes for docs.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

@joomla-cms-bot joomla-cms-bot added NPM Resource Changed This Pull Request can't be tested by Patchtester PR-4.4-dev labels Dec 14, 2024
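One way to turn the before/after comparison above into a repeatable check, as an added example that is not part of this PR or the Joomla project: a Node.js snippet that classifies `npm audit --json` findings (assumed to be in the auditReportVersion 2 format emitted by npm 7+) into those a plain `npm audit fix` resolves and those that need a breaking `--force` upgrade. The two sample reports are constructed to mirror the text output quoted in the PR.

```javascript
// Added example (not the PR's or Joomla's code): classify `npm audit --json`
// findings (auditReportVersion 2 format, npm 7+ - an assumption) into
// "fixable without a breaking change" versus "needs --force".
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Returns findings at or above `minSeverity`, highest severity first, with the
// GHSA ids taken from the `via` advisory URLs. `fixAvailable` is `true` for a
// non-breaking fix and an object with `isSemVerMajor: true` when only a
// major-version (breaking) upgrade resolves the finding.
function classifyAudit(report, minSeverity = "low") {
  const min = SEVERITY_RANK[minSeverity];
  const out = [];
  for (const v of Object.values(report.vulnerabilities || {})) {
    if (SEVERITY_RANK[v.severity] < min) continue;
    const advisories = (v.via || [])            // `via` may also hold plain package names
      .filter((x) => typeof x === "object" && x.url)
      .map((x) => x.url.split("/").pop());
    const breaking = typeof v.fixAvailable === "object" && v.fixAvailable.isSemVerMajor === true;
    out.push({ name: v.name, severity: v.severity, range: v.range, advisories,
               fixable: v.fixAvailable === true, breaking });
  }
  return out.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Packages a dependency-bump PR like this one should update now: a fix exists
// and it is not a semver-major upgrade. An empty list means `npm audit fix`
// has nothing left to do and only `--force` candidates remain.
function pendingNonBreakingFixes(report, minSeverity = "low") {
  return classifyAudit(report, minSeverity).filter((f) => f.fixable && !f.breaking).map((f) => f.name);
}

const adv = (name, severity, range, ghsa) => ({ source: 0, name, severity, range,
  url: `https://github.com/advisories/${ghsa}` });
// Constructed "before" report matching the PR's BEFORE output (tinymce lists one
// of its four advisories; the target version is omitted since the PR redacts it).
const BEFORE = { auditReportVersion: 2, vulnerabilities: {
  "cross-spawn": { name: "cross-spawn", severity: "high", range: "7.0.0 - 7.0.4", fixAvailable: true,
    via: [adv("cross-spawn", "high", "7.0.0 - 7.0.4", "GHSA-3xgq-45jj-v275")] },
  nanoid: { name: "nanoid", severity: "low", range: "<3.3.8", fixAvailable: true,
    via: [adv("nanoid", "low", "<3.3.8", "GHSA-mwcw-c2x4-8c55")] },
  tinymce: { name: "tinymce", severity: "moderate", range: "<=6.8.5",
    fixAvailable: { name: "tinymce", isSemVerMajor: true },
    via: [adv("tinymce", "moderate", "<=6.8.5", "GHSA-438c-3975-5x3f")] } } };
// Constructed "after" report: only the breaking-change tinymce finding remains.
const AFTER = { auditReportVersion: 2, vulnerabilities: { tinymce: BEFORE.vulnerabilities.tinymce } };
```

Feed it real data with `npm audit --json > audit.json` and `JSON.parse(require("fs").readFileSync("audit.json"))` in place of the constructed objects.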
@SniperSister
Contributor

I have tested this item ✅ successfully on 6fe1dc1


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44622.
