
Upgrade dependencies to apply security fixes #368

Merged
merged 2 commits into from
Feb 28, 2020

Conversation

@omrilotan (Contributor) commented Oct 29, 2019

TL;DR

| dep      | before  | after    |
|----------|---------|----------|
| depcheck | ^0.6.11 | ^0.9.1   |
| lodash   | ^4.7.0  | ^4.17.15 |

Encompasses and updates on #361 and #371

Step 1 - NPM

```
npm i
```

```
found 184 vulnerabilities (1 low, 3 moderate, 180 high)
  run `npm audit fix` to fix them, or `npm audit` for details
```

```
npm audit fix
```

```
fixed 183 of 184 vulnerabilities in 4366 scanned packages
  1 vulnerability required manual review and could not be updated
```

```
npm audit
```

output

```
                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ babel-cli [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ babel-cli > chokidar > anymatch > micromatch > braces        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/786                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
```

Finally, we are left with "braces" as a nested devDependency with a Regex DDoS vulnerability, which I think is negligible.

```
npm ls braces
```

```
npm-check@5.9.0 ~/npm-check
└─┬ babel-cli@6.26.0
  └─┬ chokidar@1.7.0
    ├─┬ anymatch@1.3.2
    │ └─┬ micromatch@2.3.11
    │   └── braces@1.8.5    <---
    └─┬ readdirp@2.2.1
      └─┬ micromatch@3.1.10
        └── braces@2.3.2
```

Step 2 - Snyk

```
npx snyk test
```

```
  Upgrade depcheck@0.6.11 to depcheck@0.7.1 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://snyk.io/vuln/npm:mem:20180117] in mem@1.1.0
    introduced by depcheck@0.6.11 > yargs@8.0.2 > os-locale@2.1.0 > mem@1.1.0
```

I checked the depcheck releases. There are no breaking changes.

```
npm i depcheck@latest && npx snyk test
```

```
✓ Tested 247 dependencies for known issues, no vulnerable paths found.
```

@icebob commented Dec 4, 2019

When will this be merged & released?

@mkarpusiewicz commented

Can we have this merged and released please?

@mkarpusiewicz commented

@dylang Would you be able to merge this? If you need any help with the project I'm happy to help ;)

@LinusU (Collaborator) commented Feb 28, 2020

Thanks, sorry for the delay.

@LinusU (Collaborator) commented Feb 28, 2020

Released as npm-check@5.9.1

@omrilotan (Contributor, Author) commented

🎉
