skott is pinning a specific, old version of `effect` which now has a security issue

[kgetz-arista]

The pinned version can be seen here: https://github.com/antoine-coulon/skott/blob/main/packages/skott/package.json#L54

This version is from 2 years ago (which is bad on its own) but now we're getting security advisories in our repo, via skott:

┌───────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Issue         │ Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Severity      │ high                                                                                                     │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Dependency    │ effect                                                                                                   │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Version       │ 3.3.2                                                                                                    │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Full path     │ geiger-lib > geiger-aaa > skott > effect                                                                 │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable in │ <3.20.0                                                                                                  │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.20.0                                                                                                 │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Suggested fix │ Upgrade to version 3.20.0 or later                                                                       │
├───────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-38f7-945m-qr2g                                                        │
└───────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Recommendation: use version ranges, not pinned versions

[yslpn]

Please mark all dependencies as ^; this will greatly help fix such vulnerabilities.

This isn't the first time I've encountered skott with vulnerabilities that require creating an issue.

[antoine-coulon]

Thanks for reporting the issue @kgetz-arista

A new version (0.35.9) of skott with an updated version of effect was just pushed.

@yslpn sorry for the inconvenience. What about considering to open a PR solving the problem instead of creating multiple issues? Any PR is more than welcome.