Upgrade nyc to a version not affected by https://nodesecurity.io/advisories/577

[apupier]

even if it is a dev dependency it will make the build cleaner and easier to detect potential security issue with dependency

[phated]

This is not possible due to our build matrix. It is a devDependency so it doesn't affect anything. If you'd like to send a PR to disable npm audit on install to clean up the builds, we're happy to accept that.