Do you want to request a feature or report a bug?
Bug

What is the current behavior?
For some reason when I run yarn audit on a workspaces yarn project it only verifies the dependencies and not devDependencies

If the current behavior is a bug, please provide the steps to reproduce.
https://github.com/uyuni-project/uyuni/blob/master/susemanager-frontend/package.json

yarn add url-relative --dev (doesn't show)

yarn add url-relative (shows vulnerability)

What is the expected behavior?
The default behavior with all the packages checked for vulnerabilities

Please mention your node.js, yarn and operating system version.
yarn: 1.14.0
nodejs: 10.15.0