Apply "npm audit fix"

Some remain but cannot right now be fixed; see

    facebook/create-react-app#10945

According to a comment by the author at

    postcss/postcss@8682b1e#commitcomment-49809613

the vulnerability only affects server-side parsing of CSS, so should
not present a problem for us.  Nonetheless, will check back in a week
to see whether there's been any progress.

Author: bennorth