Vulnerability warnings due to outdated package-lock.json

[KillyMXI]

Used the exercism download --exercise=dnd-character --track=javascript command to get the dnd-character exercise.
After executing npm i I got a counter of vulnerabilities at several thousands.
NPM Audit shows it is all about a single library somewhere deep in the dependencies that was fixed already.

This particular lock file should be regenerated.
And isn't there any planned/automated audit checks to prevent an accumulation of issues like this?

[SleeplessByte]

These are automated and come in regularly.
https://github.com/exercism/javascript/blob/master/scripts/sync syncs the package.json. However, we (iirc) do NOT provide a package-lock.json for the exercise-level. That means that the initial install (the one you do when you pull the exercise) might not actually have the fixes until you run the audit.

In short: you'll see the warnings unless you run audit fix, or when ⬆️ upstream is fixed.

[tejasbubane]

This should be fixed by #702.

[SleeplessByte]

It still leaves the issue with npm and locks.

[KillyMXI]

No package versions update were needed to remove the warning - it was addressed in patch versions of related packages already.
It was enough to manually remove lock file and node_modules, then reinstall to clear the warning.

Just checked. 15834 high severity vulnerabilities still reported on fresh install.
If you have another housekeeping routine to update package-lock.json files - that will actually remove the issue.

[tejasbubane]

Created #703