[BUG] npm audit fix doesn't work
Problem
Is there an existing issue for this?
- [X] I have searched the existing issues

Current Behavior
In my project, when running `npm audit`, one of the reported vulnerable packages is listed with the message “fix available via `npm audit fix`”, but running `npm audit fix` doesn’t lead to any updated packages and the exact same output as from the earlier run of `npm audit` is logged. This occurs on https://github.com/kleinfreund/vue-accessible-color-picker/commit/35bec0e751abad872de79657053cb8de07321faa.

Which dependency from my package.json file is actually the vulnerable one I cannot tell with the new output of `npm audit` in npm 7.

This is what the output looks like:
[code block]

Expected Behavior
When seeing a message with the clear instruction “fix available via `npm audit fix`”, I expect this to be truthful and `npm audit fix` to always produce a changed package-lock.json file.

Steps To Reproduce
1. Run `git clone https://github.com/kleinfreund/vue-accessible-color-picker.git`
2. Run `git checkout 35bec0e751abad872de79657053cb8de07321faa` to check out the commit on the project’s `main` branch at the time of writing this.
3. Run `npm install`
4. Run `npm audit`. ~Observe how currently this includes an entry with the message “fix available via `npm audit fix`”.~ For this particular advisory, this is no longer the case, unfortunately.
5. Run `npm audit fix`

Environment
- OS: Ubuntu 20.04
- Node: v14.17.1
- npm: 7.19.0
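The report above notes that the npm 7 `npm audit` output does not show which package.json dependency pulls in the vulnerable package. As an added example (not part of the issue and not npm's own code), the following walks the `effects` links of an `npm audit --json` report (auditReportVersion 2) from each package with an advisory up to the direct dependencies and shows what `fixAvailable` says for each; the report and its package names are constructed, and the function names are hypothetical.

```javascript
// Constructed sample in the `npm audit --json` format (auditReportVersion 2).
// Package names are made up; this is not the report from the issue.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "vuln-leaf": { name: "vuln-leaf", isDirect: false, effects: ["mid-lib"],
      via: [{ title: "Constructed advisory", range: "<2.0.0" }], fixAvailable: true },
    "mid-lib": { name: "mid-lib", isDirect: false, via: ["vuln-leaf"],
      effects: ["build-tool", "test-runner"], fixAvailable: true },
    "build-tool": { name: "build-tool", isDirect: true, via: ["mid-lib"],
      effects: [], fixAvailable: true },
    "test-runner": { name: "test-runner", isDirect: true, via: ["mid-lib"], effects: [],
      fixAvailable: { name: "test-runner", version: "9.0.0", isSemVerMajor: true } },
  },
};

// fixAvailable is a boolean, or an object { name, version, isSemVerMajor }.
function describeFix(fix) {
  if (fix === true) return "npm audit fix";
  if (!fix) return "none";
  return `${fix.name}@${fix.version}` + (fix.isSemVerMajor ? " (semver-major)" : "");
}

// For each package that carries an advisory itself (an object in `via`), follow
// `effects` upward until entries marked isDirect (listed in package.json) are reached.
function traceToDirectDependencies(report) {
  const vulns = report.vulnerabilities || {};
  const result = [];
  for (const entry of Object.values(vulns)) {
    const advisories = entry.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue; // only affected through another package
    const direct = [];
    const seen = new Set();
    const queue = [entry.name];
    while (queue.length > 0) {
      const name = queue.shift();
      if (seen.has(name) || !vulns[name]) continue;
      seen.add(name); // guards against dependency cycles
      if (vulns[name].isDirect) direct.push({ name, fix: describeFix(vulns[name].fixAvailable) });
      queue.push(...vulns[name].effects);
    }
    result.push({ package: entry.name, advisories: advisories.map((a) => a.title), directDependencies: direct });
  }
  return result;
}

console.log(JSON.stringify(traceToDirectDependencies(sampleReport), null, 2));
```

On a real project, pass the parsed output of `npm audit --json` in place of `sampleReport`.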
1 Fix
Solution: [BUG] npm audit fix doesn't work
Same issue here in my project (https://github.com/trickfilm400/vantage-node).

Troubleshooting steps tried:
- deleting package-lock.json
- deleting node_modules/ folder

This did not help in any way.

Environment:
- Windows 10
- npm 7.19.0
- node v14.17.0

Screenshot of console output for more information if needed
Validation
Resolved in npm/cli GitHub issue #3472. Community reactions: 15 upvotes.
Submitted by
Alex Chen
2450 rep