Project: Apache Cordova
Issue: CB-14145

Resolve npm audit issues in platforms - patch updates


Details

    Description

      From private discussions I discovered that running npm audit on a number of components would report dependencies with security issues. While we could not see any npm audit issues that may affect applications built using Cordova, I think it is extremely important to resolve these issues as soon as possible. Most affect devDependencies used for testing of Cordova itself; a minority seem to affect Cordova scripts that may be run by Cordova application developers. Better safe than sorry!

      I would like to resolve this issue as follows:

      • patch release of common library components such as cordova-common, cordova-lib, etc. (fixed in minor release branch) - solution for other components to be tracked on GitHub, moved out of the scope of this issue
      • patch or minor release of other affected components such as CLI, Cordova platform implementations, major plugins, etc. (expected to be fixed in minor release branch; do not want to pollute the master branch with extra reverts, updated node_modules committed, etc.) - solution for other components to be tracked on GitHub, moved out of the scope of this issue
      • npm audit issues resolved in master branch for next major release, which should NOT be shipped with any npm audit issues lurking - to be tracked on GitHub, as part of general update of dependencies, moved out of the scope of this issue
      • npm audit step added to CI for both patch release and next major release (not wanted)
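The description draws a line between findings that only reach devDependencies (test tooling for Cordova itself) and the minority that reach scripts application developers actually run. The script below is an added example, not code from the Cordova project or from the reporter: it reads the JSON that `npm audit --json` emits (the npm 6 report shape is assumed, with an `advisories` map keyed by advisory id and each finding carrying a `dev` flag) and splits advisories into production-reachable and dev-only buckets, so a CI gate can fail only on the former while still listing the latter. The embedded report, package names and advisory ids are constructed for illustration.

```javascript
// Added example, not Cordova project code. Assumes the npm 6 `npm audit --json`
// report shape: { advisories: { "<id>": { id, module_name, severity, title,
// findings: [{ version, paths, dev }] } }, metadata: {...} }.
// The sample report below is constructed; package names and ids are made up.
const SAMPLE_AUDIT_JSON = JSON.stringify({
  advisories: {
    "1001": {
      id: 1001,
      module_name: "example-test-helper", // hypothetical dev-only package
      severity: "moderate",
      title: "Regular Expression Denial of Service",
      findings: [
        { version: "1.0.0", paths: ["jasmine>example-test-helper"], dev: true },
      ],
    },
    "1002": {
      id: 1002,
      module_name: "example-runtime-lib", // hypothetical package used at runtime
      severity: "high",
      title: "Prototype Pollution",
      findings: [
        { version: "2.3.0", paths: ["example-runtime-lib"], dev: false },
        { version: "2.3.0", paths: ["some-dev-tool>example-runtime-lib"], dev: true },
      ],
    },
  },
  metadata: { vulnerabilities: { moderate: 1, high: 1 } },
});

// Ordering used to compare severities against a CI threshold.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Classify every advisory in the report. An advisory is "production" if at
// least one dependency path reaching it is not dev-only; otherwise it is
// dev-only and affects only tooling such as the project's own test suite.
function triageAudit(jsonText) {
  const report = JSON.parse(jsonText);
  const result = { production: [], devOnly: [] };
  for (const adv of Object.values(report.advisories || {})) {
    const findings = adv.findings || [];
    const reachesProd = findings.some((f) => f.dev === false);
    const entry = {
      id: adv.id,
      module: adv.module_name,
      severity: adv.severity,
      title: adv.title,
      paths: findings.flatMap((f) => f.paths || []),
    };
    (reachesProd ? result.production : result.devOnly).push(entry);
  }
  return result;
}

// CI gate: fail the build when any production-reachable advisory is at or
// above the threshold. Dev-only advisories are reported, not blocking, so
// they can be scheduled for the next release instead of the patch release.
function shouldFailBuild(triage, minSeverity = "high") {
  const threshold = SEVERITY_RANK[minSeverity];
  return triage.production.some((a) => SEVERITY_RANK[a.severity] >= threshold);
}

// Human-readable summary, one line per advisory, grouped by bucket.
function formatSummary(triage) {
  const line = (a) => `  [${a.severity}] ${a.module} #${a.id}: ${a.title} (${a.paths.join(", ")})`;
  return [
    `Production-reachable advisories (${triage.production.length}):`,
    ...triage.production.map(line),
    `Dev-only advisories (${triage.devOnly.length}):`,
    ...triage.devOnly.map(line),
  ].join("\n");
}

if (typeof require !== "undefined" && require.main === module) {
  // In CI this would read process.stdin from `npm audit --json` instead.
  const triage = triageAudit(SAMPLE_AUDIT_JSON);
  console.log(formatSummary(triage));
  process.exitCode = shouldFailBuild(triage, "high") ? 1 : 0;
}
```

In a pipeline the script would be fed with `npm audit --json | node triage.js` and the exit code used as the gate; the dev-only bucket remains visible in the log so it still gets fixed, just not on the patch-release schedule.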


People

  brodybits Chris Brody
