use improved-yarn-audit and exclude 1002401 and 1002581 (#12310)

* use improved-yarn-audit and exclude 1002401

.circleci/scripts/yarn-audit.sh

@@ -3,7 +3,9 @@
 set -u
 set -o pipefail
 
-yarn audit --level moderate --groups dependencies
+# use `improved-yarn-audit` since that allows for exclude
+# exclude 1002401 until we remove use of 3Box, 1002581 until we can find a better solution
+yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1002401,1002581
 audit_status="$?"
 
 # Use a bitmask to ignore INFO and LOW severity audit results

.depcheckrc.yml

@@ -29,6 +29,7 @@ ignores:
   - "source-map-explorer"
   # development tool
   - "yarn-deduplicate"
+  - "improved-yarn-audit"
   # storybook
   - "@storybook/core"
   - "@storybook/addon-backgrounds"

package.json

@@ -287,6 +287,7 @@
     "gulp-watch": "^5.0.1",
     "gulp-zip": "^4.0.0",
     "history": "^5.0.0",
+    "improved-yarn-audit": "^2.3.3",
     "jest": "^26.6.3",
     "jsdom": "^11.2.0",
     "koa": "^2.7.0",

yarn.lock

@@ -14631,6 +14631,11 @@ import-local@^3.0.2:
     pkg-dir "^4.2.0"
     resolve-cwd "^3.0.0"
 
+improved-yarn-audit@^2.3.3:
+  version "2.3.3"
+  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-2.3.3.tgz#da0be78be4b678c73733066c9ccd21e1958fae8c"
+  integrity sha512-chZ7zPKGsA+CZeMExNPf9WZhETJLkC+u8cQlkQC9XyPZqQPctn3FavefTjXBXmX3Azin8WcoAbaok1FvjkLf6A==
+
 imurmurhash@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"