chore(package): update cosmiconfig

[mkhraisha]

Similar to #815 except it updates yarn.lock.

cosmiconfig dropped dependency on the yarn npm package which has CVEs

[mkhraisha]

@piotr-oles

[LucianBuzzo]

This also fixes an issue related to the vulnerable v1 version of the yaml package - GHSA-f9xv-q969-pqx4
Unfortunately v8.0.0 of cosmiconfig dropped support for v12 of node, which is still supported by fork-ts-checker-webpack-plugin - see https://github.com/cosmiconfig/cosmiconfig/blob/main/CHANGELOG.md#800
This is a little bit of a headache, because you end up with CVE warnings for any installation of NestJS, since the @nestjs/cli package has a transitive dependency on cosmiconfig (via this package) and the older version of cosmiconfig has a dependency on the vulnerable yaml version!
I'm not sure on the best way to proceed, my personal preference would be for the maintainers to cut a new major version and drop support for node v12, since security support for v12 ended over 1 year ago.

[github-actions]

🎉 This PR is included in version 9.0.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀