How to fix npm package braces issue with react-scripts v2.1.5 when npm audit does nothing?

I ran npm install [email protected] and then npm update

That still resulted in the 63 vulnerabilities but it did bring my braces to the current version. So I went through and updated ALL references of braces in the package-lock.json to 2.3.2. I then ran npm update again and when I ran npm audit the vulnerabilities were gone.

Jest is a test package and will never appear in you production bundle, you can ignore this vulnerability without risks.

This package https://github.com/naugtur/npm-audit-resolver#readme can help you to ignore low vulnerabilities.