update dependency to resolve security issue

[compilenix]

https://github.com/lodash/lodash/issues/3359

[fb55]

Thanks!

[compilenix]

One questtion @fb55 :
Would it be possible to add a package-lock.json any time soon?

Reference: #1199 (comment)

[fb55]

Two reasons why it was removed: 1) They are hard to review and can point to random files on the internet, which I would consider a security risk and 2) similarly, dealing with merge conflicts is a pain.

[jugglinmike]

I'm a little late to the party, but this patch was superfluous.

The Lodash vulnerability reported here was previously reported in gh-1175 and
subsequently fixed via gh-1179. The reason the fix was not available in
Cheerio's "rc3" release is that v1.0.0-rc.3 was created as a hotfix for
v1.0.0-rc.2--it does not have any of the changes which occured in master
since the second release candidate.

So while the next release of Cheerio will not include this commit, neither will
it include the vulnerable version of Lodash. In order to avoid further
confusion, I will delete the branch named v1.0.0-rc3. We will continue to
maintain the corresponding tag named 1.0.0-rc3 for the purposes of
archiving,