fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:http-proxy-agent:20180406
- https://snyk.io/vuln/npm:https-proxy-agent:20180402
- https://snyk.io/vuln/SNYK-JS-IP-6240864
- https://snyk.io/vuln/npm:base64url:20180511
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-NETMASK-6056519
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-IP-7148531
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/SNYK-JS-LODASH-73639

package.json

@@ -67,17 +67,17 @@
     ]
   },
   "dependencies": {
-    "auth0": "^2.8.0",
+    "auth0": "^2.38.0",
     "auth0-extension-hapi-tools": "1.2.2",
     "auth0-extension-tools": "1.3.1",
     "boom": "3.2.2",
     "hapi": "13.5.0",
-    "hapi-auth-jwt2": "7.0.1",
+    "hapi-auth-jwt2": "8.8.0",
     "inert": "4.0.1",
     "joi": "9.0.4",
-    "jsonwebtoken": "^8.1.0",
-    "jwks-rsa": "1.1.1",
-    "nconf": "^0.8.4",
+    "jsonwebtoken": "^8.5.0",
+    "jwks-rsa": "1.8.0",
+    "nconf": "^0.11.0",
     "open": "^0.0.5",
     "request": "^2.85.0",
     "webtask-tools": "^3.2.0",