chore: [security] bump madge from 3.7.0 to 4.0.1

[dependabot-preview]

Bumps madge from 3.7.0 to 4.0.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Improper Neutralization of Special Elements used in a Command This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Affected versions: < 4.0.1

Changelog

Sourced from madge's changelog.

v4.0.1 (Mars 5, 2021)

• Fix potential command injection vulnerability

v4.0.0 (Jan 5, 2021)

• Upgrade core dependencies and require Node.js 10.13 (Thanks to @realityking)

v3.12.0 (Nov 2, 2020)

• Updated to [email protected] with support for mixing TypesScript and Javascript imports

v3.11.0 (Oct 1, 2020)

• Add support for combining --circular and --dot (Thanks to @SaeedZhiany)

v3.10.0 (Sep 14, 2020)

• Add support for combining --image and --circular option to get a graph with only circular dependencies (Thanks to @gaspardip)

v3.9.2 (June 16, 2020)

• Updated dependencies to resolve TypeScript issues

v3.9.1 (June 08, 2020)

• Improved performance when reading TypeScript config (Thanks to @FauxFaux)

v3.9.0 (May 07, 2020)

• Better support for TypeScript >=3.8 “import type” (Thanks to @eelco)

v3.8.0 (Mars 09, 2020)

• Added leaves option to show modules that do not have dependencies (Thanks to @avahe-kellenberger)

Commits

• abae6d0 4.0.1
• da5cbc9 Fix potential command injection vulnerability
• c0600c4 4.0.0
• dfbd312 Merge pull request #269 from realityking/node-10
• 5ca410c Upgrade commander to version 6
• fe8a186 Upgrade core dependencies
• eee3dc0 Require Node.js 10.13
• e135916 3.12.0
• e4be868 Update README
• 0eaccb7 Bump dependency-tree to 7.2.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)