Fix security vulnerabilities in lodash and js-yaml

[dktsni]

Describe the bug After the security fixes on NPM dependencies made by #155 and #156, there still two remaining issues on lodash (< 4.17.13) and js-yaml (< 3.13.1). Those vulnerabilities are in the project because they're included in other dependencies which can't be upgraded.

This issue is here to keep track and make sure that those vulnerabilities will be patched when new versions of dependencies will be available.

Here is some infos on those dependencies :

• html-webpack-plugin : It seems that this vulnerabilities is fixed & merged in master. Will be released in the next version ? (https://github.com/jantimon/html-webpack-plugin/pull/1270)
• inject-loader : Vulnerabilities present because this dependency still use babel v6. Babel has fixed the vulnerability in v7, but this is still not integrated in inject-loader: https://github.com/plasticine/inject-loader/issues/62
• karma has fixed the lodash vulnerability but it still uses another one which import it (log4js). https://github.com/karma-runner/karma/issues/3349
• Eslint has fixed this vulnerability in version 6, but can't be upgraded in ARA due to the lack of support of it in the dependency eslint-vue-plugin : https://github.com/vuejs/eslint-plugin-vue/issues/920

To Reproduce

1. Go in the client/ folder
2. Do a npm ls lodash and npm ls js-yaml.

Expected behavior All the vulnerabilities are patched.

Screenshots

Environment All

[dktsni]

Remove from 4.1.0 scope. Those points have evolved.