fix: Ignore vulnerability that cannot be upgraded

Additionally, this vulnerability should not be able to touch the package using it (@vue/cli-plugin-unit-jest)
See vuejs/vue-cli#5573 for more

Author: sindre-nistad

.gitlab-ci.yml

@@ -65,7 +65,9 @@ JavaScript vulnerabilities:
   stage: check dependencies
   script:
     - 'eval $MAKE check-node-dependencies-for-vulnerabilities'
-  needs: []
+  needs:
+    - job: initialize
+      artifacts: true
 
 outdated (Python) dependencies:
   stage: check dependencies

Makefile

@@ -459,7 +459,7 @@ safety-check:
 	$(PIPENV) check
 
 check-node-dependencies-for-vulnerabilities:
-	$(YARN) audit
+	$(YARN) run improved-yarn-audit --fail-on-missing-exclutions
 
 update-dependencies: update-node-dependencies update-python-dependencies
 

src/gui/.iyarc

@@ -0,0 +1,3 @@
+# 1500 ignored because there is no fix available for it, until @vue/cli-plugin-unit-jest version 5.x
+
+1500

src/gui/package.json

@@ -79,6 +79,7 @@
     "fibers": "^4.0.2",
     "file-loader": "^5.0.2",
     "ify-loader": "^1.1.0",
+    "improved-yarn-audit": "^2.3.1",
     "jest": "^24.5.0",
     "jest-webpack-resolver": "^0.3.0",
     "lint-staged": "^9.2.0",

src/gui/yarn.lock

@@ -7417,6 +7417,11 @@ import-local@^2.0.0:
     pkg-dir "^3.0.0"
     resolve-cwd "^2.0.0"
 
+improved-yarn-audit@^2.3.1:
+  version "2.3.1"
+  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-2.3.1.tgz#e937f32e4da250eece077693c612caef05be435b"
+  integrity sha512-jMME3sGF8RosTpQ7CMoel4F8UKJs6bvP2Dc11gkZrKynxBpulQ4bJKgGydnAyHgDavJw6NbssMrbqwVSiuw5Ug==
+
 imurmurhash@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"