fix: bump nodemon to remove event-stream dep
This fix removes a dependency on event-stream introduced by `nodemon` via `pstree` by bumping `nodemon` and `pstree.remy` through `nodemon` to a version that does not include `pstree`. [event-stream](dominictarr/event-stream#116) had a malicious bit of code added to version `3.3.6` which has since been removed from github and appears to have specifically targeted [copay](https://github.com/bitpay/copay/issues/9346).

From the original post in the `event-stream` repo:

> **Am I affected?:**
> If you are using anything crypto-currency related, then maybe. As discovered by @maths22, the target seems to have been identified as copay related libraries. It only executes successfully when a matching package is in use (assumed to be copay at this point). If you are using a crypto-currency related library and if you see [email protected] after running npm ls event-stream flatmap-stream, you are most likely affected. For example:
> ```
> $ npm ls event-stream flatmap-stream
> ...
> [email protected]
> ...
> ```
> **What does it do**:
> Other users have done some good analysis of what these payloads actually do.
> dominictarr/event-stream#116 (comment)
> dominictarr/event-stream#116 (comment)
> dominictarr/event-stream#116 (comment)
> **What can I do:**
> By this time fixes are being deployed and npm has yanked the malicious version. Ensure that the developer(s) of the package you are using are aware of this post. If you are a developer update your event-stream dependency to [email protected]. This protects people with cached versions of event-stream.

See the issue on the `event-stream` repo for more information: dominictarr/event-stream#116
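The quoted advice boils down to "run `npm ls event-stream flatmap-stream` and read the output". The script below is an added example, not part of the commit or of the `event-stream` thread: it walks the JSON tree that `npm ls --json` prints and reports the full dependency path to any `event-stream` at `3.3.6` (the version the commit message names as malicious) and to any `flatmap-stream` at all (the advisory treats its presence as the signal; the exact version it quotes is not legible on this page, so the check does not assume one). The sample tree is constructed for the example and only loosely mirrors the `nodemon` > `pstree.remy` chain the commit describes; the placeholder `flatmap-stream` version is not a real release.

```javascript
// Added example (not from the commit or the event-stream issue thread).
// Input shape is that of `npm ls --json`: { name, version, dependencies: { <name>: { version, dependencies } } }.

// Which packages to flag, and which versions. event-stream 3.3.6 is the
// version the commit message calls malicious; for flatmap-stream the advisory
// says any occurrence is worth a look, so every version is reported.
const SUSPECT = {
  'event-stream': (version) => version === '3.3.6',
  'flatmap-stream': () => true,
};

// Depth-first walk over the tree. Returns one { name, version, path } record
// per suspect package, where `path` is the chain from the root package down.
function findSuspects(tree) {
  const hits = [];
  const walk = (node, path) => {
    const deps = node.dependencies || {};
    for (const [name, info] of Object.entries(deps)) {
      const here = [...path, `${name}@${info.version}`];
      const isSuspect = SUSPECT[name];
      if (isSuspect && isSuspect(info.version)) {
        hits.push({ name, version: info.version, path: here.join(' > ') });
      }
      walk(info, here); // keep descending: the bad package may pull in another
    }
  };
  walk(tree, [tree.name ? `${tree.name}@${tree.version}` : '(root)']);
  return hits;
}

// Constructed sample resembling a pre-fix tree: the root app depends on
// nodemon, which reaches event-stream through pstree.remy. The versions of
// nodemon, pstree.remy and flatmap-stream here are placeholders, not real
// releases; only event-stream 3.3.6 is taken from the commit message.
const SAMPLE_TREE = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    nodemon: {
      version: '0.0.0-placeholder',
      dependencies: {
        'pstree.remy': {
          version: '0.0.0-placeholder',
          dependencies: {
            'event-stream': {
              version: '3.3.6',
              dependencies: {
                'flatmap-stream': { version: '0.0.0-placeholder', dependencies: {} },
              },
            },
          },
        },
      },
    },
    express: { version: '4.16.4', dependencies: {} },
  },
};

// Stand-alone run: print each hit as "name@version  (path)".
for (const hit of findSuspects(SAMPLE_TREE)) {
  console.log(`${hit.name}@${hit.version}  (${hit.path})`);
}
```

To run it against a real project, replace `SAMPLE_TREE` with `JSON.parse(fs.readFileSync(0, 'utf8'))` and pipe `npm ls --json --all` into the script; `--all` matters on newer npm, which otherwise prints only the top level. An empty result means neither package is reachable from the lockfile, which is what the `nodemon` bump in this commit is meant to achieve.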