Upgrade some packages to deal with security issue seen from npm audit

[ralic]

Requirements

No.

Description of the Change

'npm audit' found critical security issues. Package upgrade resolves some of these issues.

Alternate Designs

Refer to npm audit to fix security issues.

Why should this be in core?

Critical security issue maybe resolved.

Benefits

Critical security issue maybe resolved.

Possible Drawbacks

Tested on Debian 10, so far it's ok. Not tested on windows or other platform yet.

Applicable issues

There are still 25 vulnerabilities to be reviewed.

                   === npm audit security report === 

found 25 vulnerabilities (1 low, 24 moderate) in 32373 scanned packages
25 vulnerabilities require manual review. See the full report for details.

[jsf-clabot]

All committers have signed the CLA.

[outsideris]

Thank you for your contributions.
However, upgrading packages are better just before new release because security issues in master branch are not critical.

Also, assetgraph-builder has a performance issue, see #3412 .

[plroebuck]

@papandreou, believe 26 of these are related to AG-B.
Are they also being addressed as part of #3412?

[papandreou]

@plroebuck, I'll take a look. There are still some vulnerabilities left with the latest ag-b. Some of them appear to be buried many levels deep, so it could take some time to get it all sorted out. I've installed depfu in those of the intermediate repos that are within my control, let's see :)

[papandreou]

Tracking the progress here: assetgraph/assetgraph-builder#628