Fix security vulnerabilities

Ran `npm audit fix`.

Even though this fixes a "high" severity vulnerability, all affected
packages are dev packages only.

node_modules/lodash/_baseSet.js

@@ -29,6 +29,10 @@ function baseSet(object, path, value, customizer) {
     var key = toKey(path[index]),
         newValue = value;
 
+    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+      return object;
+    }
+
     if (index != lastIndex) {
       var objValue = nested[key];
       newValue = customizer ? customizer(objValue, key, nested) : undefined;