[Manual Backport 1.3] [CVE-2020-36632] Bumps flat from 4.1.1 to 5.0.2

[ZilongX]

Description

• This is a manual backport of [2.x] [CVE-2020-36632] Bumps flat from 4.1.1 to 5.0.2 #3419 from 2.x
• This one resolves CVE-2020-36632 in 1.3 which would be a release candidate for 1.3.9

Issues Resolved

Resolved #3167

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
  • yarn test:ftr
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[codecov-commenter]

Codecov Report

Merging #3520 (f04a513) into 1.3 (ddd7f50) will decrease coverage by 0.05%.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##              1.3    #3520      +/-   ##
==========================================
- Coverage   67.49%   67.44%   -0.05%     
==========================================
  Files        3044     3044              
  Lines       58694    58694              
  Branches     8902     8902              
==========================================
- Hits        39613    39589      -24     
- Misses      16932    16952      +20     
- Partials     2149     2153       +4     

Flag	Coverage Δ
Linux	67.44% <ø> (ø)
Windows	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/dev/build/lib/get_build_number.ts	57.14% <0.00%> (-42.86%)	⬇️
packages/osd-cross-platform/src/path.ts	48.83% <0.00%> (-37.21%)	⬇️
...ges/osd-apm-config-loader/src/config.test.mocks.ts	91.30% <0.00%> (-8.70%)	⬇️
src/dev/build/lib/config.ts	79.41% <0.00%> (-5.89%)	⬇️
src/setup_node_env/harden/child_process.js	84.61% <0.00%> (-3.85%)	⬇️
...ic/application/models/sense_editor/sense_editor.ts	64.88% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[ZilongX]

    ✓ reads config from a file, returns an instance of Config class
    ✓ merges setting overrides into log
    ✓ supports loading config files from within config files
    ✓ throws if settings are invalid


  412 passing (8s)

✨  Done in 15.62s.`

All Mocha test cases are passed all good on Local btw.

Remote check seems good as well as all checks passed.

[joshuarrrr]

ignoring whitesource failure

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-3520-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e671dc0f5fdaf033bded4e336cb10681d7902fcf
# Push it to GitHub
git push --set-upstream origin backport/backport-3520-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-3520-to-1.x.

[joshuarrrr]

Manually backported to 1.x for consistency