chore: npm audit fix

[legobeat]

This is the result of running npm audit fix on current master. It contains non-breaking bumps addressing at least the following advisories:

• ajv: GHSA-v88g-cgmw-v5xw
• ansi-regex: GHSA-93q8-gq69-wqmw
• decode-uri-component: GHSA-w573-4hg7-7wgq
• glob-parent: GHSA-cj88-88mr-972w
• hosted-git-info: GHSA-43f8-2h32-f4cj
• ini: GHSA-qqgx-2p2h-9c37
• json-schema: GHSA-896r-f27r-55mw
• lodash: GHSA-29mw-wpgm-hmr9
• minimist: GHSA-xvch-5gv4-984h
• path-parse: GHSA-hj48-42vr-x3v9
• qs: GHSA-hrpp-h998-j3pp
• shelljs: GHSA-64g7-mvw6-v9qj
• shelljs: GHSA-4rq4-32rv-6wp6
• y18n: GHSA-c4w7-xm78-47vh

The changes in the following PRs are contained or made outdated by this:

• Bump ajv from 6.12.2 to 6.12.6 #326
• Bump lodash from 4.17.15 to 4.17.21 #328
• Bump glob-parent from 6.0.0 to 6.0.1 #332
• Bump decode-uri-component from 0.2.0 to 0.2.2 #334
• Bump qs from 6.5.2 to 6.5.3 #335

Closes:

• update minimist to >=1.2.6 due to critical vulnerability #330
• Security issue json-schema #327

[legobeat]

@nickmerwin Are you still able to merge PRs and publish releases?

[tomasmax]

Will this PR be merged? I found a security alert in our project, which is coming from the request deprecated package. If I change it for node-fetch for example will you merge it @nickmerwin?