update boxen and update-notifier #7226

Closed
wants to merge 1 commit into from

Conversation

BlueHatbRit

What did you implement

Updated two packages which have sub-dependencies of execa 0.7.0 which has known vulnerabilities. These packages are updated in later versions of boxen and update-notifier (which uses a version of boxen).

How can we verify it

SONATYPE-2019-0206 is the security warning (with sindresorhus/execa#211 linked)

Todos

Useful Scripts
  • npm run test:ci --> Run all validation checks on proposed changes
  • npm run lint:updated --> Lint all the updated files
  • npm run lint:fix --> Automatically fix lint problems (if possible)
  • npm run prettier-check:updated --> Check if updated files adhere to Prettier config
  • npm run prettify:updated --> Prettify all the updated files
  • Write and run all tests
  • Write documentation
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: YES - Boxen 4.0 requires Node 8, which would mean dropping support for Node 6. I opened a PR for this due to the very low effort involved rather than an issue; if this is deemed too big of a change then I'm happy for this to be rejected.
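The issue the PR addresses is a transitive one: execa 0.7.0 is never a direct dependency, it arrives through boxen and through update-notifier's own copy of boxen. The script below is an added example (not code from this PR or from the project) that walks a lockfileVersion-1 `package-lock.json` tree and prints every dependency chain ending at an affected execa copy, so a maintainer can see which top-level packages need the bump. The lockfile fragment, the `term-size` intermediate and the "only 0.7.0 is affected" predicate are constructed assumptions for the demo, not taken from the project's real lockfile or advisory.

```javascript
// Constructed lockfileVersion-1 fragment (assumption, not the project's real
// lockfile): boxen and update-notifier each nest their own execa 0.7.0,
// while the top-level execa is a newer, unaffected version.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 1,
  dependencies: {
    boxen: {
      version: '1.3.0',
      dependencies: {
        'term-size': { version: '1.2.0',
          dependencies: { execa: { version: '0.7.0' } } },
      },
    },
    'update-notifier': {
      version: '2.5.0',
      dependencies: {
        boxen: { version: '1.3.0',
          dependencies: { 'term-size': { version: '1.2.0',
            dependencies: { execa: { version: '0.7.0' } } } } },
      },
    },
    execa: { version: '2.0.0' },
  },
};

// Recursively walk the nested "dependencies" objects and return every path
// (as "name@version > ... > target@version") whose leaf is an affected copy
// of `target`. Unaffected copies of the same package are skipped.
function findVulnerableChains(lock, target, isAffected) {
  const hits = [];
  (function walk(deps, path) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = path.concat(`${name}@${meta.version}`);
      if (name === target && isAffected(meta.version)) hits.push(here.join(' > '));
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Unique, sorted top-level package names responsible for the chains; the
// trailing "@version" is stripped so scoped names (@org/pkg) stay intact.
function topLevelCulprits(chains) {
  return [...new Set(chains.map((c) => c.split(' > ')[0].replace(/@[^@]+$/, '')))].sort();
}

// Predicate is an assumption for the demo: flag exactly the version the PR names.
const execaChains = findVulnerableChains(SAMPLE_LOCK, 'execa', (v) => v === '0.7.0');
console.log(execaChains.join('\n'));
console.log('packages to bump:', topLevelCulprits(execaChains).join(', '));
```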

@BlueHatbRit
Author

This PR is ready for review; the Travis build is breaking due to Node 6 as mentioned above.

Contributor

@medikoo medikoo left a comment


@BlueHatbRit great, thanks for the initiative.

Still, those packages are kept at the given versions for a reason. We need to keep support for Node.js v6 until we bump to v2 (and CI confirms it can't work on Node.js v6).

Therefore we can't take this improvement at this point.

Still, note that v2 should be released in the near future, and it'll come with those dependencies being upgraded.

@medikoo medikoo closed this Jan 17, 2020
@BlueHatbRit BlueHatbRit deleted the boxen-updates branch January 17, 2020 11:17
@medikoo medikoo mentioned this pull request Mar 19, 2020