add dev-dependency: improved-yarn-audit

"improved-yarn-audit" (license: MIT), complements plain "yarn audit",
making audits easier to integrate in CI pipelines. The output is short
and to-the-point, making it useful immediately.

    Simple usage examples:
    $> yarn run improved-yarn-audit
    $> yarn run improved-yarn-audit --ignore-dev-deps

Here's the currint output for the Theia repo (with this PR in):

$> yarn run improved-yarn-audit
Improved Yarn Audit - v3.0.0

Minimum severity level to report: low

Running yarn audit...

Found 2 vulnerabilities

Vulnerability Found:

  Severity: MODERATE
  Modules: jsdom
  URL: GHSA-f4c9-cqv8-9v98

Vulnerability Found:

  Severity: HIGH
  Modules: lerna>nx>axios
  URL: GHSA-cph5-m8f7-6c5x

Signed-off-by: Marc Dumais <[email protected]>

Author: marcdumais-work

package.json

@@ -38,6 +38,7 @@
     "glob": "^7.1.7",
     "if-env": "^1.0.4",
     "ignore-styles": "^5.0.1",
+    "improved-yarn-audit": "^3.0.0",
     "jsdom": "^11.5.1",
     "lerna": "^5.5.4",
     "node-gyp": "^9.0.0",

yarn.lock

@@ -6879,6 +6879,11 @@ import-local@^3.0.2:
     pkg-dir "^4.2.0"
     resolve-cwd "^3.0.0"
 
+improved-yarn-audit@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-3.0.0.tgz#dfb09cea1a3a92c790ea2b4056431f6fb1b99bfa"
+  integrity sha512-b7CrBYYwMidtPciCBkW62C7vqGjAV10bxcAWHeJvGrltrcMSEnG5I9CQgi14nmAlUKUQiSvpz47Lo3d7Z3Vjcg==
+
 imurmurhash@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"