Open codemanrj opened 2 years ago
This can be fixed using `npm audit fix --force`
@NatGeyzenTech. I didn't run this command mainly because React isn't my expertise, so I don't know if this would break any other UI packages we may have. We should definitely FIX this while it's still relatively easy to do.
This didn't work when I tried it. Instead, it resulted in 70+ high vulnerabilities and 2 critical ones. It needs to be looked into a bit more in depth.
Here's a source on good NPM security practices: https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html#5-audit-for-vulnerabilities-in-open-source-dependencies
Here's another source in the NPM docs: https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities
Potentially take a look at: `npm overrides`
Don't necessarily use force-resolutions... but this is one option we could use. https://itnext.io/fixing-security-vulnerabilities-in-npm-dependencies-in-less-than-3-mins-a53af735261d
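The thread's observation that a forced fix left more high and critical findings than before can be checked mechanically. The following is an added example, not code from this repository or from any commenter: it reads the `metadata.vulnerabilities` counts that `npm audit --json` emits, compares a before and an after report, and rejects the fix if any count at or above a chosen severity grew. The two reports embedded below are constructed to mirror the numbers reported in the thread.

```python
"""Gate an `npm audit fix` attempt on whether high/critical counts grew.

Usage: python audit_gate.py [before.json after.json]
Without arguments the constructed sample reports below are used.
"""
import json
import sys

# Severity order npm uses in metadata.vulnerabilities (lowest to highest).
SEVERITIES = ("info", "low", "moderate", "high", "critical")

# Constructed sample reports in the shape of `npm audit --json` (npm 7+).
# Only the metadata block is needed for gating, so the per-package
# "vulnerabilities" tree is omitted here.
BEFORE_JSON = json.dumps({"metadata": {"vulnerabilities": {
    "info": 0, "low": 1, "moderate": 3, "high": 2, "critical": 0, "total": 6}}})
AFTER_JSON = json.dumps({"metadata": {"vulnerabilities": {
    "info": 0, "low": 0, "moderate": 5, "high": 70, "critical": 2, "total": 77}}})


def severity_counts(report_json: str) -> dict:
    """Return {severity: count} from an npm audit JSON report.

    Missing keys are treated as zero so older report shapes do not crash."""
    data = json.loads(report_json)
    counts = data.get("metadata", {}).get("vulnerabilities", {})
    return {sev: int(counts.get(sev, 0)) for sev in SEVERITIES}


def regression(before: dict, after: dict, floor: str = "high") -> dict:
    """Severities at or above `floor` whose count increased, with the delta."""
    start = SEVERITIES.index(floor)
    return {sev: after[sev] - before[sev]
            for sev in SEVERITIES[start:] if after[sev] > before[sev]}


def fix_is_acceptable(before_json: str, after_json: str, floor: str = "high") -> bool:
    """True only if no severity at or above `floor` got worse."""
    return not regression(severity_counts(before_json), severity_counts(after_json), floor)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        before_text, after_text = (open(p, encoding="utf-8").read() for p in sys.argv[1:3])
    else:
        before_text, after_text = BEFORE_JSON, AFTER_JSON
    worse = regression(severity_counts(before_text), severity_counts(after_text))
    print("regressions:", worse)
    print("acceptable:", not worse)
    sys.exit(1 if worse else 0)
```

Run `npm audit --json > before.json`, apply the fix, run `npm audit --json > after.json`, and pass both files to the script; a non-zero exit means the fix should not be committed.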