Dependabot alerts

[EmiM]

This task is to sum up the progress of upgrading/removing vulnerable versions of packages OR keep information why we can't upgrade them.

Current vulnerabilities

Waggle:

• lodash < 4.17.21 (blocked by orbitdb - lodash is dependency of libp2p)
• hosted-git-info < 2.8.9 (blocked by eslint-plugin-import but they plan to remove the dependency: https://github.com/benmosher/eslint-plugin-import/issues/2048)
• xmlhttprequest-ssl < 1.6.2 (blocked by orbitdb - lodash is dependency of ipfs)
• private-ip < 2.0.0 (blocked by orbitdb - lodash is dependency of ipfs - https://github.com/orbitdb/orbit-db/issues/882)
• node-forge < 0.10.0 (blocked by orbitdb)
• ecstatic < 4.1.3 (dependency of http-server - I removed http-server because we don't use it anyway)
• normalize-url <4.5.1 (blocked by orbitdb, dependency of ipfs)

ZbayLite

• sanitize-html < 2.3.2 (version updated)

[EmiM]

https://github.com/ZbayApp/waggle/pull/32

[EmiM]

https://github.com/ZbayApp/ZbayLite/pull/251