Update transitive dependencies, fix vulnerability

Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2018-3728

`rm yarn.lock`
`yarn install`

There is currently no way to update single transitive dependencies
see: yarnpkg/rfcs#54

Author: roschaefer