This repository was archived by the owner on Aug 1, 2025. It is now read-only.

@Cellule Cellule commented Nov 23, 2023

There's a vulnerability on axios
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45857
I also looked at updating the other dependencies.
This might require a major bump on binary-install, since rimraf dropped support for node 14, effectively making this project also require node 14+.
The other breaking changes on rimraf seemed minimal, only the removal of default export seems to affect this project.

It seems I also bumped the lockfile version; it should be a transparent change.

@ptakizawa-daitan

Hey, any idea on when this PR will be merged?

reknih commented Nov 1, 2024

We'd also like to see this PR merged! I'm aware that most people run binary-install as a dev dependency and the real-world impact is probably close to zero -- however, the vulnerability clutters the output of automatic scanning tools such as npm audit and lessens visibility of true vulnerabilities.

IMHO the bump of the minimum Node version to Node 14 is justifiable. Node 14 was released more than four years ago and its support ended more than 550 days ago at the time of writing, so most users of this library that will bump their lock file are likely to be on Node 18 or newer.
