[naugtur]

Compare with npm-audit-resolver in terms of how the ignores are defined. It's important to not be too vague when ignoring things.

Let me plug this as it contains a lot of references https://dev.to/naugtur/do-you-need-help-with-your-npm-audit-...

Meanwhile I'll try to get someone from IBM involved in the OpenJSF collab space