bump ms to v2 due a ReDoS vuln (#352)

ms@0.7.3 is vulnerable to a ReDoS attack: https://snyk.io/vuln/npm:ms:20170412

Looking at the code, the breaking change in ms@2.x that the accepted string is now limited to 100 chars.

Author: dominykas

package.json

@@ -22,7 +22,7 @@
     "joi": "^6.10.1",
     "jws": "^3.1.4",
     "lodash.once": "^4.0.0",
-    "ms": "^0.7.1",
+    "ms": "^2.0.0",
     "xtend": "^4.0.1"
   },
   "devDependencies": {