Upgrade node-sass to resolve tar vulnerability

[shawnbot]

See sass/node-sass#2625 (comment) for why this is tricky to fix.

TL;DR: Deep down in our dependency tree (node-sass → node-gyp → node-tar) lives an old version of tar that's susceptible to an arbitrary file overwrite vulnerability. We can't resolve it by just installing a newer version of tar; we're stuck waiting on a new node-sass release.

[shawnbot]

FYI, according to sass/node-sass#2625 (comment), running npm audit --fix and committing package-lock.json should resolve this now. ❤️

[simurai]

@shawnbot still thinking about Primer CSS.. 😄 ❤️

Gave this a try in #1161

[shawnbot]

@simurai Just going through my backlog of issues and trying to clean things up. I hope you're well!