[Security] [Dependency] Bumped istanbul-lib-instrument to 6.0.2

[BboyAkers]

What is in this PR?

• Bumping version of istanbul-lib-instrument package to the possible version 6.0.2
  • Refer to this PR for more information: fix(deps): update deps addressing CVE-2023-45133 istanbuljs#762

Why?

This lovely library uses istanbul-lib-instrument and that packages has an earlier version of babel which has this security vulnerability.
https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462

Updating this package after merging the above PR will solve this dependency chain vulnerability with minimal impact to end users.

Let me know if you all have any questions or if there's anything I can do to improve this PR 🙂. I'd be more than happy to!!

[bcoe]

@BboyAkers anything jump out to you with regards to the AppVeyor failure?

[BboyAkers]

Getting this 🤔 @bcoe

[BboyAkers]

Should I upgrade node versions?

[bcoe]

Should I upgrade node versions?

I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).

But, if we're updating the minimum Node.js version, we should make it a breaking change.

[BboyAkers]

Should I upgrade node versions?

I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).

But, if we're updating the minimum Node.js version, we should make it a breaking change.

Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR 🙂.

[bcoe]

Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR

@BboyAkers sounds good, looking forward to the PR.

Feel free to keep PMing me if I miss any updates.

[BboyAkers]

@bcoe Been hitting a wall upgrading node #1550