
Fix vulnerabilities in dev dependencies

Sheogorath requested to merge fix/dependency-sec into deploy

Currently the packages of browserslist and hosted-git-info are called out for being vulnerable to ReDoS attacks. While the risk of these vulnerabilities is reasonably small, as fixed versions exist, these should be used.

This patch fixes some dev dependency vulnerabilities by forcing newer versions of the affected dependencies on all downstream projects.
