When you start fresh, npm audit directly finds issues.
$ npm install boardgame.io
$ npm audit
[...]
ws 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/koa-socket-2/node_modules/ws
[...]
10 vulnerabilities (2 low, 4 moderate, 4 high)
[...]
Having npm audit "fix" the issues downgrades boardgame.io from 0.50.2 to 0.22.1, introducing more security issues.
$ npm audit fix --force
[...]
xmlhttprequest-ssl <=1.6.1
Severity: critical
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/koa-socket/node_modules/xmlhttprequest-ssl
[...]
17 vulnerabilities (1 low, 4 moderate, 9 high, 3 critical)
So, what's wise here? Just ignoring the audit tool? Waiting for boardgame.io to reach version 1.0? Is this worth logging an issue?
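One way to catch the downgrade described in the post before running `npm audit fix --force`, as an added example that is not part of the original post or of boardgame.io: it reads a report in the `npm audit --json` shape (npm 7+, `fixAvailable` field) and flags any forced fix whose target version is lower than the installed one. The sample report, the `example-dep` entry and the installed-version map are constructed for illustration.

```javascript
// Added example: flag `npm audit` fixes that would downgrade an installed package.
// SAMPLE_AUDIT is constructed to mirror the report in the post (npm 7+ JSON shape).
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    ws: {
      name: "ws", severity: "high", range: "7.0.0 - 7.5.9",
      nodes: ["node_modules/koa-socket-2/node_modules/ws"],
      fixAvailable: { name: "boardgame.io", version: "0.22.1", isSemVerMajor: true },
    },
    "example-dep": { // hypothetical entry: a fix that needs no --force
      name: "example-dep", severity: "low", range: "<1.0.1",
      nodes: ["node_modules/example-dep"], fixAvailable: true,
    },
  },
};
// Constructed: versions currently installed (e.g. taken from package-lock.json).
const SAMPLE_INSTALLED = { "boardgame.io": "0.50.2" };

// Compare plain x.y.z versions numerically; prerelease tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Classify each finding: safe fix, forced upgrade, forced downgrade, or no fix.
function classifyFixes(audit, installed) {
  return Object.values(audit.vulnerabilities).map((v) => {
    const fix = v.fixAvailable;
    let action = "no-fix";
    if (fix === true) action = "safe-fix";
    else if (fix && typeof fix === "object") {
      const current = installed[fix.name];
      if (!current) action = "forced-unknown";
      else action = compareVersions(fix.version, current) < 0 ? "forced-downgrade" : "forced-upgrade";
    }
    return { package: v.name, severity: v.severity, via: fix?.name, to: fix?.version, action };
  });
}

console.table(classifyFixes(SAMPLE_AUDIT, SAMPLE_INSTALLED));
```

Any row marked `forced-downgrade` is a fix to review by hand rather than apply with `--force`.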