Create React App was created by Dan Abramov. He’s written an excellent article about the issues with npm audit in create-react-app. It’s a good read and I learned a lot about packages, npm audit and create-react-app.
https://overreacted.io/npm-audit-broken-by-design/
TL;DR
You can ignore these security vulnerabilities.