Bump version of debug - vulnerability

[iranreyes]

I noticed that tar-pack is using the version ^2.2.0 of debug and we should bump this version given some dependency packages of this version has well-known vulnerabilities.

File: https://github.com/ForbesLindesay/tar-pack/blob/master/package.json#L14

How it should be?

  "optionalDependencies": {
    "debug": "^3.1.0"
  },

Vulnerability:

1. debug
   tar-pack@3.4.0 > debug@2.6.8
   https://snyk.io/vuln/npm:debug:20170905

This vulnerability is fixed in debug version 3.1.0

Environment

1. node -v: v8.7.0
2. npm -v: 5.5.1

Steps to Reproduce

1. Install snyk
2. Run: snyk test

Expected Behavior

No vulnerabilities report

Actual Behavior

I am seeing a vulnerability report related to debug@2.6.8

[davedbase]

I'm seeing this issue as well. Using the grpc package which depends on node-pre-gyp which depends on tar-pack. Hoping the debug bump could be pushed soon. Thanks!