build(deps): Bump npm from 6.5.0 to 6.13.4 in /demo-app (#118)

Summary:
Bumps [npm](https://github.com/npm/cli) from 6.5.0 to 6.13.4.
<details>
<summary>Release notes</summary>

*Sourced from [npm's releases](https://github.com/npm/cli/releases).*

> ## v6.13.4
> ## 6.13.4 (2019-12-11)
>
> ## BUGFIXES
>
> * [`320ac9aee`](npm/cli@320ac9a) [npm/bin-links#12](https://github-redirect.dependabot.com/npm/bin-links/pull/12) [npm/gentle-fs#7](https://github-redirect.dependabot.com/npm/gentle-fs/pull/7) Do not remove global bin/man links inappropriately ([@&#8203;isaacs](https://github.com/isaacs))
>
> ## DEPENDENCIES
>
> * [`52fd21061`](npm/cli@52fd210) `gentle-fs@2.3.0` ([@&#8203;isaacs](https://github.com/isaacs))
> * [`d06f5c0b0`](npm/cli@d06f5c0) `bin-links@1.1.6` ([@&#8203;isaacs](https://github.com/isaacs))
>
> ## v6.13.3
> ## 6.13.3 (2019-12-09)
>
> ### DEPENDENCIES
>
> * [`19ce061a2`](npm/cli@19ce061) `bin-links@1.1.5` Properly normalize, sanitize, and verify `bin` entries in `package.json`.
> * [`59c836aae`](npm/cli@59c836a) `npm-packlist@1.4.7`
> * [`fb4ecd7d2`](npm/cli@fb4ecd7) `pacote@9.5.11`
>     * [`5f33040`](npm/pacote@5f33040)     [#476](https://github-redirect.dependabot.com/npm/cli/issues/476)     [npm/pacote#22](https://github-redirect.dependabot.com/npm/pacote/issues/22)     [npm/pacote#14](https://github-redirect.dependabot.com/npm/pacote/issues/14) fix: Do not     drop perms in git when not root ([isaacs](https://github.com/isaacs),     [@&#8203;darcyclarke](https://github.com/darcyclarke))
>     * [`6f229f7`](https://github.com/npm/pacote/6f229f78d9911b4734f0a19c6afdc5454034c759)     sanitize and normalize package bin field     ([isaacs](https://github.com/isaacs))
> * [`1743cb339`](npm/cli@1743cb3) `read-package-json@2.1.1`
>
> ## v6.13.2
> ## 6.13.2 (2019-12-03)
>
> ### BUG FIXES
>
> * [`4429645b3`](npm/cli@4429645) [#546](https://github-redirect.dependabot.com/npm/cli/pull/546) fix docs target typo ([@&#8203;richardlau](https://github.com/richardlau))
> * [`867642942`](npm/cli@8676429) [#142](https://github-redirect.dependabot.com/npm/cli/pull/142) fix(packageRelativePath): fix 'where' for file deps ([@&#8203;larsgw](https://github.com/larsgw))
> * [`d480f2c17`](npm/cli@d480f2c) [#527](https://github-redirect.dependabot.com/npm/cli/pull/527) Revert "windows: Add preliminary WSL support for npm and npx" ([@&#8203;craigloewen-msft](https://github.com/craigloewen-msft))
> * [`e4b97962e`](npm/cli@e4b9796) [#504](https://github-redirect.dependabot.com/npm/cli/pull/504) remove unnecessary package.json read when reading shrinkwrap ([@&#8203;Lighting-Jack](https://github.com/Lighting-Jack))
> * [`1c65d26ac`](npm/cli@1c65d26) [#501](https://github-redirect.dependabot.com/npm/cli/pull/501) fix(fund): open url for string shorthand ([@&#8203;ruyadorno](https://github.com/ruyadorno))
> * [`ae7afe565`](npm/cli@ae7afe5) [#263](https://github-redirect.dependabot.com/npm/cli/pull/263) Don't log error message if git tagging is disabled ([@&#8203;woppa684](https://github.com/woppa684))
> * [`4c1b16f6a`](npm/cli@4c1b16f) [#182](https://github-redirect.dependabot.com/npm/cli/pull/182) Warn the user that it is uninstalling npm-install ([@&#8203;Hoidberg](https://github.com/Hoidberg))
>
> ## v6.13.1
> ## 6.13.1 (2019-11-18)
>
> ### BUG FIXES
>
> * [`938d6124d`](npm/cli@938d612) [#472](https://github-redirect.dependabot.com/npm/cli/pull/472) fix(fund): support funding string shorthand ([@&#8203;ruyadorno](https://github.com/ruyadorno))
> * [`b49c5535b`](npm/cli@b49c553) [#471](https://github-redirect.dependabot.com/npm/cli/pull/471) should not publish tap-snapshot folder ([@&#8203;ruyadorno](https://github.com/ruyadorno))
> * [`3471d5200`](npm/cli@3471d52) [#253](https://github-redirect.dependabot.com/npm/cli/pull/253) Add preliminary WSL support for npm and npx ([@&#8203;infinnie](https://github.com/infinnie))
> * [`3ef295f23`](npm/cli@3ef295f) [#486](https://github-redirect.dependabot.com/npm/cli/pull/486) print quick audit report for human output ([@&#8203;isaacs](https://github.com/isaacs))
>
> ### TESTING
>
> * [`dbbf977ac`](npm/cli@dbbf977) [#278](https://github-redirect.dependabot.com/npm/cli/pull/278) added workflow to trigger and run benchmarks ([@&#8203;mikemimik](https://github.com/mikemimik))
></tr></table> ... (truncated)
</details>
<details>
<summary>Changelog</summary>

*Sourced from [npm's changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md).*

> ## 6.13.4 (2019-12-11)
>
> ## BUGFIXES
>
> * [`320ac9aee`](npm/cli@320ac9a)
>   [npm/bin-links#12](https://github-redirect.dependabot.com/npm/bin-links/pull/12)
>   [npm/gentle-fs#7](https://github-redirect.dependabot.com/npm/gentle-fs/pull/7)
>   Do not remove global bin/man links inappropriately
>   ([@&#8203;isaacs](https://github.com/isaacs))
>
> ## DEPENDENCIES
>
> * [`52fd21061`](npm/cli@52fd210)
>   `gentle-fs@2.3.0`
>   ([@&#8203;isaacs](https://github.com/isaacs))
> * [`d06f5c0b0`](npm/cli@d06f5c0)
>   `bin-links@1.1.6`
>   ([@&#8203;isaacs](https://github.com/isaacs))
>
> ## 6.13.3 (2019-12-09)
>
> ### DEPENDENCIES
>
> * [`19ce061a2`](npm/cli@19ce061)
>   `bin-links@1.1.5` Properly normalize, sanitize, and verify `bin` entries
>   in `package.json`.
> * [`59c836aae`](npm/cli@59c836a)
>   `npm-packlist@1.4.7`
> * [`fb4ecd7d2`](npm/cli@fb4ecd7)
>   `pacote@9.5.11`
>     * [`5f33040`](npm/pacote@5f33040)
>       [#476](https://github-redirect.dependabot.com/npm/cli/issues/476)
>       [npm/pacote#22](https://github-redirect.dependabot.com/npm/pacote/issues/22)
>       [npm/pacote#14](https://github-redirect.dependabot.com/npm/pacote/issues/14) fix: Do not
>       drop perms in git when not root ([isaacs](https://github.com/isaacs),
>       [@&#8203;darcyclarke](https://github.com/darcyclarke))
>     * [`6f229f7`](https://github.com/npm/pacote/6f229f78d9911b4734f0a19c6afdc5454034c759)
>       sanitize and normalize package bin field
>       ([isaacs](https://github.com/isaacs))
> * [`1743cb339`](npm/cli@1743cb3)
>   `read-package-json@2.1.1`
>
>
> ## 6.13.2 (2019-12-03)
>
> ### BUG FIXES
>
> * [`4429645b3`](npm/cli@4429645)
>   [#546](https://github-redirect.dependabot.com/npm/cli/pull/546)
>   fix docs target typo
></tr></table> ... (truncated)
</details>
<details>
<summary>Commits</summary>

- [`fd29398`](npm/cli@fd29398) 6.13.4
- [`f2aca36`](npm/cli@f2aca36) docs: changelog for 6.13.4
- [`320ac9a`](npm/cli@320ac9a) Do not remove global bin/man links inappropriately
- [`d06f5c0`](npm/cli@d06f5c0) bin-links@1.1.6
- [`52fd210`](npm/cli@52fd210) gentle-fs@2.3.0
- [`45482c2`](npm/cli@45482c2) 6.13.3
- [`118bc96`](npm/cli@118bc96) docs: changelog for 6.13.3
- [`1743cb3`](npm/cli@1743cb3) read-package-json@2.1.1
- [`fb4ecd7`](npm/cli@fb4ecd7) pacote@9.5.11
- [`59c836a`](npm/cli@59c836a) npm-packlist@1.4.7
- Additional commits viewable in [compare view](npm/cli@v6.5.0...v6.13.4)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=npm&package-manager=npm_and_yarn&previous-version=6.5.0&new-version=6.13.4)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

 ---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebookincubator/fbt/network/alerts).

</details>
Pull Request resolved: #118

Differential Revision: D19040068

Pulled By: jrwats

fbshipit-source-id: cc84fde571d6a3256c65aa959d380a5069f2e419

demo-app/package.json

@@ -70,7 +70,7 @@
     "babel-plugin-minify-replace": "0.5.0",
     "fbjs": "1.0.0",
     "fbt": "x.x.x",
-    "npm": "^6.4.1",
+    "npm": "^6.13.4",
     "optimist": "^0.6.1",
     "react": "^16.6.3",
     "react-dom": "^16.6.3"