NPM vulnerability database update

[nothingismagick]

@bscofield @isaacs

Can you please mark the 2.8.9 release as actually fixing the vuln too?
https://www.npmjs.com/advisories/1677

This is started to trickle downstream:
npm/normalize-package-data#120

Here is the proof, in case anyone needs it:
v2.8.8...v2.8.9

[RealDrewKlayman]

@nothingismagick They just did.

[nothingismagick]

I'll check locally and then close.

[nothingismagick]

Thanks, can confirm audit passes.