This one's confusing.
https://github.com/github/webauthn-json/network/alerts shows alerts for two packages as part of the same CVE (CVE-2020-7598): `acorn` and `minimist`.
(The details state that this is simultaneously a "high severity" vulnerability but also "moderate severity".)
Dependabot created a PR for `acorn` (#17), but not for `minimist`.
`npm audit` doesn't seem to know about the `minimist` vuln.
`npm audit fix` upgraded an entirely different package (`kind-of`), which I committed in the preceding change.
So I've done this:
    npm install minimist # upgrades past the vulnerable version
    git checkout package.json
    # then manually restore `"dev": "true"` line to `package-lock.json` entry for `minimist`