dependency updates for vulnerability alerts

[ukslim]

The result of repeatedly:

• yarn audit --level moderate
• yarn upgrade [vulnerable package]
• yarn upgrade --latest [vulnerable package] (if previous upgrade not sufficient)
• make test

... until all audit vulnerabilities are low, and tests still pass.