mapbox / node-pre-gyp

Node.js tool for easy binary deployment of C++ addons
BSD 3-Clause "New" or "Revised" License

Fix CVE-2022-25883 - Bump semver and make-dir + npm audit fix #689

Closed SphinxKnight closed 1 year ago

SphinxKnight commented 1 year ago

Before

npm audit --omit=dev
# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install make-dir@4.0.0, which is a breaking change
node_modules/make-dir/node_modules/semver
node_modules/semver
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/make-dir

3 vulnerabilities (2 moderate, 1 high)

After

npm audit --omit=dev
found 0 vulnerabilities

Related

SphinxKnight commented 1 year ago

https://app.travis-ci.com/github/mapbox/node-pre-gyp/jobs/605465185 fails because of Node 8 (breaking with make-dir 4). On the other hand, I don't understand (yet?) why https://app.travis-ci.com/github/mapbox/node-pre-gyp/jobs/605465186

SphinxKnight commented 1 year ago

@springmeyer if I may ask for help/guidance (sorry for the impoliteness), since you are apparently the author for the app1 test.

rafaykh90 commented 1 year ago

Closed in favor of https://github.com/mapbox/node-pre-gyp/pull/691