Fix: upgrade react avoid ip

[dlpzx]

Feature or Bugfix

• Bugfix

Detail

There is a new vulnerability found in the package ip. Similar to the one that we faced a couple of months ago (check this PR). In fact the CVE opened now is the result of the old vulnerability being only partially fixed.

There is not a fixed version and there are no PRs open in the original repo. There is not much activity happening in this repository, so a fix might take some time. At the same time, we do not use this package directly, it is a sub-dependency from react-native packages. Since node_modules/@react-native-community/cli version: 13.6.6, does not use ip, the easiest way for us to avoid this issue is to upgrade react-native packages.

In addition, this PR removes an expired ignore for npm-audit.

Relates

• Add nsprc file to npm-audit with expiration for ip vulnerability #1056

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  • Is the input sanitized?
  • What precautions are you taking before deserializing the data you consume?
  • Is injection prevented by parametrizing queries?
  • Have you ensured no eval or similar functions are used?
• Does this PR introduce any functionality or component that requires authorization?
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  • Are you logging failed auth attempts?
• Are you using or adding any cryptographic features?
  • Do you use a standard proven implementations?
  • Are the used keys controlled by the customer? Where are they stored?
• Are you introducing any new policies/roles/users?
  • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.