NSP is dead and the API no longer resolves - replace with yarn audit.… #978

Closed
wants to merge 1 commit into from


rdoh
Contributor

@rdoh rdoh commented Dec 17, 2018

@Gnito
Contributor

Gnito commented Dec 17, 2018

@rdoh thanks for the pull request, we were out of reach last week and haven't had time to fix this. We appreciate that there are pull requests or issues created out of deploy problems to alert others who have dependencies on this codebase.

That being said, we'll make another PR to handle the required changes a bit faster this time.


I actually think we should drop the CI task altogether - until we have something better figured out.

The problem is that there are lots of dependencies that come from the Create React App 1.x.x version (like Prototype pollution with paths pointing to the CRA fork: `sharetribe-scripts > jest > jest-cli > jest-runtime > jest-haste-map > sane > exec-sh > merge`), and we have exceptions for those in the `.nsprc` file.

So, in addition to changes mentioned in this PR, I'd propose that we:

  1. Drop CI
  2. Remove dev dependencies:
    "nsp": "^3.2.1",
    "nsp-preprocessor-yarn": "^1.0.1",

TODO:
Now: remove circleci task
Future task: add audit script that checks against saved snapshot or exception list.

(Although, running `yarn audit --json` gives 10 MB worth of data - so, a snapshot is probably not a good idea.)
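
One way to approach the "future task" in the comment above, as an added example that is not part of this PR or the project's code. It assumes Yarn 1.x, where `yarn audit --json` emits one JSON object per line and advisories have type `auditAdvisory`; `createAuditGate`, the advisory ids and the exception-list shape are hypothetical.

```javascript
// Added example (not the project's code): gate CI on `yarn audit --json` output.
// Assumes Yarn 1.x: one JSON object per line, advisories typed "auditAdvisory".
function createAuditGate(acceptedIds) {
  const accepted = new Set(acceptedIds.map(String));
  const seen = new Set();     // every advisory id reported in this run
  const findings = new Map(); // unaccepted advisory id -> summary
  return {
    // Fed line by line, so the multi-megabyte report is never held in memory.
    feed(line) {
      let msg;
      try { msg = JSON.parse(line); } catch (e) { return; } // skip non-JSON lines
      if (!msg || msg.type !== 'auditAdvisory' || !msg.data || !msg.data.advisory) return;
      const { advisory, resolution } = msg.data;
      const id = String(advisory.id);
      seen.add(id);
      if (accepted.has(id)) return;
      // An advisory repeats once per dependency path: keep one entry, count paths.
      const f = findings.get(id) || { id, module: advisory.module_name,
        severity: advisory.severity, paths: 0, examplePath: '' };
      f.paths += 1;
      if (!f.examplePath && resolution) f.examplePath = resolution.path;
      findings.set(id, f);
    },
    // stale = accepted ids that matched nothing and should be pruned from the list.
    result: () => ({ unaccepted: [...findings.values()],
      stale: [...accepted].filter((id) => !seen.has(id)) }),
  };
}

// Constructed sample lines, not real audit output; advisory ids are placeholders.
const sampleLine = (id, mod, severity, path) => JSON.stringify({ type: 'auditAdvisory',
  data: { resolution: { id, path }, advisory: { id, module_name: mod, severity } } });
const SAMPLE = [
  sampleLine(1001, 'merge', 'low', 'sharetribe-scripts>jest>jest-cli>jest-runtime>jest-haste-map>sane>exec-sh>merge'),
  sampleLine(1001, 'merge', 'low', 'example-dev-tool>merge'),
  sampleLine(1002, 'example-pkg', 'high', 'example-pkg'),
  '{"type":"auditSummary","data":{"vulnerabilities":{"low":2,"high":1}}}',
];
function runSample(acceptedIds) {
  const gate = createAuditGate(acceptedIds);
  SAMPLE.forEach((l) => gate.feed(l));
  return gate.result();
}

// Prints the sample result. In CI, read stdin line by line (e.g. with readline),
// call gate.feed for each line, and exit non-zero when unaccepted is non-empty.
console.log(JSON.stringify(runSample(['1001', '9999']), null, 2));
```

Keying exceptions on advisory id rather than on a saved snapshot keeps the checked-in list small, and the `stale` output shows which exceptions can be dropped after a dependency upgrade.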

@OtterleyW
Contributor

Closing this PR because #979 is now merged.

@OtterleyW OtterleyW closed this Dec 17, 2018