[yarn audit] add support for "audit-level" option (feature parity with "npm audit") #7174

Closed
simonespa opened this issue Apr 4, 2019 · 3 comments

simonespa commented Apr 4, 2019

Do you want to request a feature or report a bug?
This is a feature request. Wasn't sure if it's considered substantial though. If so, I'll be happy to follow the https://github.com/yarnpkg/rfcs procedure.

What is the current behavior?
The yarn audit command returns "a non-0 exit code if there are issues of any severity found" (see https://yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit). This means that if you integrate this command in a CI tool - let's say Jenkins - the job will exit with a failure even for a low risk.

What is the expected behavior?
I'm aware that a vulnerability should be considered a risk at any level. Nonetheless, the developer should be given the ability to change this level by passing an option, like npm audit --audit-level <LEVEL>, to set the "minimum level of vulnerability for yarn audit to exit with a non-zero exit code." (see https://docs.npmjs.com/misc/config#audit-level)

This option will smooth the integration of yarn audit in automation, where a different action could be taken based on the risk level (which modifies the exit code).

Please mention your node.js, yarn and operating system version.
Node: v10.14.2
Yarn: v1.15.2
OS: macOS Sierra version 10.12.6 - Darwin Kernel Version 16.7.0 x86_64
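
An added example, not part of the issue or of Yarn's code: a CI gate that applies a minimum severity to the exit code of `yarn audit`. It assumes the Yarn 1.x documented behaviour that the exit code is a bitmask of severities (1 INFO, 2 LOW, 4 MODERATE, 8 HIGH, 16 CRITICAL), which is not stated in this thread; `level_bit` and `audit_gate` are hypothetical names.

```shell
#!/bin/sh
# Gate a CI job on the severity bitmask returned by `yarn audit` (Yarn 1.x).
# Assumed mask, from the Yarn 1.x docs: 1 INFO, 2 LOW, 4 MODERATE, 8 HIGH, 16 CRITICAL.

# level_bit LEVEL: print the bit for a severity name; return 2 if unknown.
level_bit() {
    case "$1" in
        info)     echo 1 ;;
        low)      echo 2 ;;
        moderate) echo 4 ;;
        high)     echo 8 ;;
        critical) echo 16 ;;
        *)        return 2 ;;
    esac
}

# audit_gate EXIT_CODE LEVEL
#   returns 0  no finding at or above LEVEL (job may pass)
#   returns 1  at least one finding at or above LEVEL (job must fail)
#   returns 2  bad LEVEL, or EXIT_CODE is not a severity mask (fail closed)
audit_gate() {
    code=$1
    bit=$(level_bit "$2") || return 2
    # Reject empty or non-numeric codes.
    case "$code" in ''|*[!0-9]*) return 2 ;; esac
    # Anything above 31 cannot be a combination of the five severity bits.
    [ "$code" -le 31 ] || return 2
    # Mask that keeps LEVEL and every severity above it, e.g. high -> 8|16 = 24.
    mask=$(( 31 & ~(bit - 1) ))
    [ $(( code & mask )) -eq 0 ]
}

# Usage in a CI step (commented out so the file can be sourced safely):
#   yarn audit; audit_gate "$?" high || exit 1
```

Exit status 1 is also a common generic failure status, so confirm that the audit actually produced a report before treating an INFO-only result as a pass.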

@rally25rs
Contributor

Would this be similar to #6716?

@simonespa
Author

Thanks @rally25rs, that's exactly what I was after. Closing this issue.
