Integrate Snyk in Compass CI to spot security issues with severity >= "high" ( "high" and "critical") for Compass and DE as early as possible.

snyk test --all-projects --severity-threshold=high

As part of this, for any issue found by snyk consider:

• fixing it in the same PR
• ignoring it in the same PR if is not actually harmful (unreached code, etc ..)
• ignoring it in the same PR and create a followup ticket to address the issue in case the fix would require significant effort or not be yet available

NOTES:

• NPM 8 introduced a convenient way to bump nested dependencies that may be useful to fix some of the issues: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides, it only works if specified on the root package.json