ruimarinho / bitcoin-core

A modern Bitcoin Core REST and RPC client.

Update `mocha@6` to fix critical vulnerability #139

Closed pedrobranco closed 1 year ago

pedrobranco commented 1 year ago

Using mocha@4:

```
❯ yarn audit --level critical
yarn audit v1.22.19
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Prototype Pollution in minimist                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.2.6                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > mkdirp > minimist                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1067342                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
11 vulnerabilities found - Packages audited: 508
Severity: 2 Low | 6 Moderate | 2 High | 1 Critical
✨  Done in 0.80s.
```

After updating to mocha@6:

```
❯ yarn audit --level critical
yarn audit v1.22.19
warning mocha > debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
warning mocha > mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
8 vulnerabilities found - Packages audited: 566
Severity: 2 Low | 5 Moderate | 1 High
✨  Done in 1.31s.
```

pedrobranco commented 1 year ago

Closing on behalf of getting #48.