npm critical audit error

[davidradl]

There are npm audit issues on cra-client including a critical one. According to facebook/create-react-app#10411 the immer critical one does not matter, but towards the end there is a suggestion to create the following npm resolutions to force the levels up and hopefully clean up npm audit. This issue to to track the work to see if this works

"resolutions": {
    "immer": "9.0.7",
    "ansi-html": "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz",
    "ansi-regex": "5.0.1",
    "nth-check": "2.0.1",
    "glob-parent": "6.0.1",
    "browserslist": "4.18.1"
  }

[davidradl]

Prior to any fixes npm audit on cra-client shows

found 94 vulnerabilities (2 low, 87 moderate, 4 high, 1 critical) in 2485 scanned packages
  91 vulnerabilities require semver-major dependency updates.
  3 vulnerabilities require manual review. See the full report for details. 

[davidradl]

after this change the npm audit shows
found 81 vulnerabilities (79 moderate, 2 high) in 2515 scanned packages
78 vulnerabilities require semver-major dependency updates.
3 vulnerabilities require manual review. See the full report for details.

[davidradl]

it seems it needs this change for the build to work properly.
https://stackoverflow.com/questions/64605805/npm-force-resolutions-not-working-when-installing-a-new-package