bump request-ip to 3.3.0 in package-lock.json

[melvrickgoh]

an extension of #1087, also bump the version of request-ip in package-lock.json

Description of the change

bump request-ip from 2.x to 3.3.0,
2. x version has a dependency is_js and it has a Vulnerability. I guess there are no > breaking changes between 2. x and 3. x
https://ossindex.sonatype.org/component/pkg:npm/is_js@0.9.0?utm_source=dependency-> check&utm_medium=integration&utm_content=7.4.3
For the past 6 years, there is no update for the is_js library.

Updating package-lock.json also avoids the CVE flags by Dependabot for dependency vulnerabilities

Type of change

• Bug fix (non-breaking change that fixes an issue)
• Maintenance

Related issues

• Fix rollbar Vulnerability - CVE-2020-26302 #1100

Checklists

Development

• Lint rules pass locally
• All tests related to the changed code pass in development

[melvrickgoh]

hi @waltjones, could you help take a look at this when free? (it's a continuation of #1087 )

[jplaisted]

FYI this still lists is_js in the lock file. It is no longer transitively reachable; but is still listed. It may need to be removed to"resolve" the vulnerability.

rollbar.js/package-lock.json

Line 4752 in 848d5f0

"is_js": {