Release Notes / Version 11.2310
Handle CVEs for graphql-spring-boot-autoconfigure-15.0.0.jar: subscriptions-transport-ws-browser-client.js
Lodash is directly included in the affected file subscriptions-transport-ws-browser-client.js, which in turn is part of the included graphiql version. Unfortunately the project has been archived and there will be no updates anymore. Since graphiql is a pure developer tool and only enabled in preview mode, the reported security risk is considered only moderate to low, thus CVE-2019-10744, CVE-2020-8203, CVE-2021-23337, CVE-2018-3721, CVE-2019-1010266, CVE-2018-16487 and CVE-2020-28500 were suppressed.
The whole library will be replaced in CM12 version 2404 by the latest version of Spring-GraphQL, which is much better supported as a part of the Spring project and also includes a maintained and updated version of graphiql.
(CMS-24020)