chore(deps): Get audit-filter working for all packages in monorepo

* Add a lint:deps job to the top-level package.json, so lerna can run
  lint:deps in all packages in parallel.

* Also handle recent handlebars vulnerability, so that builds don't fail.

* Note, the lint:deps job is a no-op in fxa-amplitude-send, as I can't
  get it to build yet in the monorepo.

Some of the vulnerabilities are in transitive dependencies, yet the
suggested `npm update foo --depth N` command sometimes seems to do
nothing. There was a related bug in npm 6.6.0 - 6.11.2, fixed by
npm/cli#239, but perhaps that didn't fix all the
cases? (I was using npm 6.12.0.) As a workaround, I've added audit-filter
exceptions where `npm update` wasn't able to fix vulnerabilities.

Fixes #2229.

Author: jaredhirsch

package.json

@@ -6,6 +6,7 @@
     "authors": "git shortlog -s | cut -c8- | sort -f > AUTHORS",
     "postinstall": "_scripts/install_all.sh",
     "npm-ci-all": "lerna exec --parallel -- npm ci",
+    "lint:deps": "lerna exec --parallel -- npm run lint:deps",
     "start": "pm2 start mysql_servers.json && echo \"Use 'npm stop' to stop all the servers\"",
     "stop": "pm2 kill",
     "start-firefox": "./packages/fxa-dev-launcher/bin/fxa-dev-launcher",

packages/fxa-amplitude-send/package.json

@@ -21,7 +21,8 @@
   },
   "scripts": {
     "build-node-docker-image": "docker build -f Dockerfile-nodejs -t mozilla/fxa-amplitude-send:`git describe`-node .",
-    "lint": "eslint *.js bin/*.js"
+    "lint": "eslint *.js bin/*.js",
+    "lint:deps": "echo 'dependency checking not yet enabled for fxa-amplitude-send'"
   },
   "repository": {
     "type": "git",

packages/fxa-auth-db-mysql/.nsprc

@@ -1,3 +1,16 @@
 {
-  "exceptions": []
+  "comment_755": "755 is prototype pollution in handlebars, used by nyc.",
+  "comment_1065": "1065 is prototype pollution in lodash, used by nyc.",
+  "comment_1164": "1164 is prototype pollution in handlebars, used by nyc.",
+  "comment_1171": "1171 is RegExp denial of service in csv-parse, used by restify.",
+  "comment_1300": "1300 is denial of service vulnerability in handlebars, used by nyc.",
+  "comment_1316": "1316 is arbitrary code execution in handlebars, used by nyc.",
+  "exceptions": [
+    "https://npmjs.com/advisories/755",
+    "https://npmjs.com/advisories/1065",
+    "https://npmjs.com/advisories/1164",
+    "https://npmjs.com/advisories/1171",
+    "https://npmjs.com/advisories/1300",
+    "https://npmjs.com/advisories/1316"
+  ]
 }