Fix npm audit issue

[lkngtn]

luke at beehive in ~/repos/1hive/website on master [!$]
$ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ remarkable                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ remarkable > argparse > underscore.string                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ docusaurus                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ docusaurus > markdown-toc > remarkable > argparse >          │
│               │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ docusaurus                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ docusaurus > remarkable > argparse > underscore.string       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ docusaurus [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ docusaurus > tcp-port-used > debug                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 4 vulnerabilities (1 low, 3 moderate) in 6512 scanned packages
  4 vulnerabilities require manual review. See the full report for details.

It seems the issue is with underscore.string but not sure exactly how to rev the version given dependencies.

[yeqbfgxjiq]

(Copying from Keybase so that all the info is in one place)

I've gotten similar messages for a lot of my projects/docusauruses. I imagine that the Docusaurus team will create a fix and we can update. Also, Docusaurus V2 is rolling along quite nicely so I imagine we'll probably just want to upgrade to that in a few months which will hopefully fix any current problems.

Also, since we're rolling a static site I don't think there's much danger in the vulnerability. Remarkable just allows you to embed Markdown into React elements. Our current site is already built and deployed, so it's good to go. If we publish a major update it might be a concern, but as is everything is working and (afaik) users are totally safe browsing our static site

[yeqbfgxjiq]

@lkngtn I'm not seeing that annoying yellow banner from Github warning us that there's a security vulnerability anymore. Did it just magically go away, or did we do something to fix it?