Resolves [High] Security Vulnerability in js-yaml

[mattxwang]

As discussed in #600, js-yaml has a high-level security vulnerability, and cosmiconfig depends on it. In this PR, I bump up the version of cosmiconfig to 5.2.0 (which should introduce no breaking changes), and regenerate the yarn.lock file. Now, running yarn audit no longer yields any high severity security errors (though there is one moderate found in lodash, and many low-level security vulnerabilities as children of jest).

Please let me know if there's anything else I should do!

[codecov]

Codecov Report

Merging #615 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #615   +/-   ##
=======================================
  Coverage   98.13%   98.13%           
=======================================
  Files          13       13           
  Lines         376      376           
  Branches       52       52           
=======================================
  Hits          369      369           
  Misses          7        7

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cbf0e0e...ef87e2c. Read the comment docs.

[okonet]

Thanks!

[okonet]

🎉 This PR is included in version 8.1.7 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀