
added whitelist reviewDate feature #259

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

wilsonwaters

@wilsonwaters wilsonwaters commented Jul 11, 2022

We occasionally add whitelist entries for vulnerabilities which don't have a current solution, but are likely to be resolved by package maintainers at some point in the future. The risk in adding a whitelist entry is we will undoubtedly forget to come back and fix the issue / upgrade packages once the vulnerability has been resolved.

This PR adds a whitelist reviewDate field, which will cause the audit to fail after the date passes. This is useful to ensure temporary whitelist entries don't get "forgotten" by causing the audit to fail.

This pull request makes the following changes:

  • Updates VulnerabilityExcluder to handle optional reviewDate field in auditjs.json whitelist file
  • Adds unit tests
  • Updates README.md documentation for whitelist usage

It relates to the following issue #s:

cc @bhamail / @DarthHater / @allenhsieh / @ken-duck
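Added example, not code from the auditjs project, showing how an optional reviewDate on an ignore-list entry can stop suppressing a finding and fail the audit once the date has passed. The file layout, the field names other than reviewDate, and every function and sample identifier below are assumptions made for illustration.

```typescript
// Added example, not auditjs project code: applies ignore-list entries that carry
// the optional reviewDate described in the PR. Entry shape, field names other
// than reviewDate, and all function names are assumptions.

interface IgnoreEntry {
  id: string;          // identifier of the vulnerability this entry suppresses
  reason?: string;
  reviewDate?: string; // "YYYY-MM-DD"; the entry stops suppressing once this day has passed
}

interface Vulnerability { id: string; title: string; }

interface AuditOutcome {
  reported: Vulnerability[]; // vulnerabilities still reported after exclusion
  expired: IgnoreEntry[];    // entries whose review date has passed
  fail: boolean;             // fails on any reported vulnerability or expired entry
}

// Strict YYYY-MM-DD parse returning the last millisecond (UTC) of that day,
// so an entry stays valid through the whole of its review date.
function reviewDeadline(entry: IgnoreEntry): number | undefined {
  if (entry.reviewDate === undefined) return undefined;
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(entry.reviewDate);
  const end = m ? Date.UTC(+m[1], +m[2] - 1, +m[3], 23, 59, 59, 999) : NaN;
  // Reject impossible dates such as 2022-02-30, which Date.UTC silently rolls over.
  if (!m || new Date(end).toISOString().slice(0, 10) !== entry.reviewDate) {
    throw new Error(`invalid reviewDate "${entry.reviewDate}" on ignore entry ${entry.id}`);
  }
  return end;
}

function applyIgnoreList(vulns: Vulnerability[], entries: IgnoreEntry[], now: Date): AuditOutcome {
  const expired = entries.filter((e) => {
    const deadline = reviewDeadline(e);
    return deadline !== undefined && now.getTime() > deadline;
  });
  // Only entries that have not expired still suppress their vulnerability; an
  // expired entry fails the audit even if the finding is gone, so it gets cleaned up.
  const active = new Set(entries.filter((e) => !expired.includes(e)).map((e) => e.id));
  const reported = vulns.filter((v) => !active.has(v.id));
  return { reported, expired, fail: reported.length > 0 || expired.length > 0 };
}

// Constructed sample data (hypothetical identifiers).
const sampleVulns: Vulnerability[] = [
  { id: "VULN-A", title: "constructed finding A" },
  { id: "VULN-B", title: "constructed finding B" },
];
const sampleIgnore: IgnoreEntry[] = [
  { id: "VULN-A", reason: "no fix upstream yet", reviewDate: "2022-09-30" },
  { id: "VULN-B", reason: "false positive" },
];
```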

@wilsonwaters
Author

Hey @bhamail, thought I'd see if you have any thoughts on this PR? Does it make sense?

I note you came across the exact same issue with node-fetch that inspired me to open this PR. Also interesting to note you added a date in the reason field of the whitelist file, which is basically what this PR is trying to address in a structured manner.

@bhamail
Contributor

bhamail commented Jul 22, 2022

@wilsonwaters I think this PR is great.
I’ve been putting off review in the hope we could make more progress in changing the term “whitelist” to something like “ignore” or “ignore list”; see issue #202. The concern being making “more to change later”.


Successfully merging this pull request may close these issues.

[FEATURE] Whitelist entries should (optionally) be time-limited