Update lodash and renderkid to fix CVEs (2.x branch)

[Nivl]

This PR does 2 things:

• Updates lodash to solve https://npmjs.com/advisories/1673
• Updates renderkid to solve a nested CVE with css-what

There is another CVE with a dependency used by Mocha, sadly NPM doesn't support overrides yet.

This will require to release 2.1.3.

[Nivl]

Cc @AriaMinaei . Others seem to have the same issue.

[lachieh]

@Nivl renderkid got updated to 3.0.0 as part of the v4 release if you want to close this PR