Depends on vulnerable package: minimist v0.0.8 and v1.2.0

Please answer these questions before submitting a bug report.

### What version of OpenCensus are you using?
0.0.20

### What version of Node are you using?
10.15.1

### What did you do?
Run `npm install` for my application, then run `npm ls minimist`


### What did you expect to see?
opencensus-node should only depend on packages that do not contain vulnerabilities.

### What did you see instead?
Here's the dependency graph:

+-- @opencensus/nodejs@0.0.20
| `-- @opencensus/instrumentation-all@0.0.20
|   `-- @opencensus/instrumentation-grpc@0.0.20
|     `-- grpc@1.24.2
|       `-- node-pre-gyp@0.14.0
|         +-- mkdirp@0.5.1
|         | `-- minimist@0.0.8
|         `-- rc@1.2.8
|           `-- minimist@1.2.0

### Additional context
minimist v0.0.8 and minimist v1.2.0 contain a vulnerability - see https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-7598/


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Depends on vulnerable package: minimist v0.0.8 and v1.2.0 #790

What version of OpenCensus are you using?

What version of Node are you using?

What did you do?

What did you expect to see?

What did you see instead?

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development