@t1m0thyj
Contributor

This PR resolves several vulnerabilities reported in transitive deps of wdio-vscode-service when I run npm audit in my project.

Replaced download package which has several vulnerabilities and has been unmaintained for a few years with a fork @xhmikosr/downloader that is actively maintained but unfortunately doesn't define TS types. This fork is reputable and used by other projects - see saucelabs/node-saucelabs#195 and netlify/gh-release-fetch#50

There is one vulnerability left in a prod dep: [email protected] -> [email protected] -> [email protected]. This will be resolved by upgrading to webdriverio@9 in #130.

Contributor

@christian-bromann christian-bromann left a comment

Awesome, LGTM 👍

@christian-bromann christian-bromann merged commit 73cf3db into webdriverio-community:main Sep 21, 2024
@wdio-bot
Collaborator

Hey t1m0thyj 👋

Thank you for your contribution to WebdriverIO! Your pull request has been marked as an "Expensable" contribution.

We've sent you an email with further instructions on how to claim your expenses from our development fund.
Please make sure to check your spam folder as well. If you have any questions, feel free to reach out to us at [email protected] or in the contributing channel on Discord.

We are looking forward to more contributions from you in the future 🙌

Have a nice day,
The WebdriverIO Team 🤖

@t1m0thyj
Contributor Author

@christian-bromann Thanks for merging so quickly! I just realized that @xhmikosr/downloader@15 requires Node 18. Since wdio-vscode-service supports Node 16 I should have used @xhmikosr/downloader@14 for max compatibility. Sorry for this oversight, let me know if I should open a follow-up PR.

@christian-bromann
Contributor

> Sorry for this oversight, let me know if I should open a follow-up PR.

No worries, mind raising a PR that updates the required Node version?
