instacart / Snacks

The Instacart Component Library
https://instacart.github.io/Snacks/
Apache License 2.0
81 stars, 36 forks

Update deps for CVEs in cryptiles, handlebars, immer, lodash, merge-deep #477

Closed dkempner closed 2 years ago

dkempner commented 2 years ago

Checklist

Snapshots look harmless. Looks like a different way of handling ForwardRef + css animations in a snapshot.

I chose module resolutions instead of upgrading for the following reasons:

- lodash: used in too many places to upgrade everywhere
- immer: upgrading its one dependency, react-styleguidist, broke the docs site
- merge-deep: used in the svgr lib, which couldn't handle an update either
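As an added illustration of the "module resolutions" approach described above (example code written for this page, not code from the Snacks repository or from PR #477): a pin in package.json `resolutions` only helps if it is at or above the version the advisory was fixed in, and if the package manager actually installed that version. The helper below checks both conditions. The function names (`auditResolutions`, `compareVersions`) and every version number are constructed placeholders, not the values used in the PR.

```javascript
// Added example, not code from the Snacks repository or PR #477.
// Yarn "resolutions" force a transitive dependency to a single version.
// auditResolutions() reports pins that are below the advisory's fixed
// version and pins that did not take effect in node_modules.
// All versions below are constructed placeholders.

function parseVersion(v) {
  // Accept a bare version or a simple range prefix ("^", "~", ">=").
  const m = /^[\^~>=<]*\s*(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  // Returns -1, 0 or 1 comparing major.minor.patch numerically.
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// resolutions: the "resolutions" object from package.json
// fixedIn:     package -> first version in which the advisory is fixed
// installed:   package -> version actually present in node_modules
function auditResolutions(resolutions, fixedIn, installed) {
  const findings = [];
  for (const [pkg, pin] of Object.entries(resolutions)) {
    const fix = fixedIn[pkg];
    if (fix && compareVersions(pin, fix) < 0) {
      // The pin itself is still a vulnerable version.
      findings.push({ pkg, problem: "pin-below-fix", pin, fix });
    }
    const actual = installed[pkg];
    if (!actual) {
      findings.push({ pkg, problem: "not-installed", pin });
    } else if (compareVersions(actual, pin) < 0) {
      // The resolution was declared but the lockfile/node_modules ignored it.
      findings.push({ pkg, problem: "resolution-not-applied", pin, actual });
    }
  }
  return findings;
}

// Constructed sample input in the shape of a package.json "resolutions"
// block; versions are placeholders, not real advisory data.
const SAMPLE_RESOLUTIONS = {
  lodash: "2.0.0",
  immer: "3.1.0",
  "merge-deep": "1.5.0",
};
const SAMPLE_FIXED_IN = { lodash: "2.0.0", immer: "3.1.0", "merge-deep": "1.6.0" };
const SAMPLE_INSTALLED = { lodash: "2.0.0", immer: "3.0.2", "merge-deep": "1.5.0" };

const SAMPLE_FINDINGS = auditResolutions(SAMPLE_RESOLUTIONS, SAMPLE_FIXED_IN, SAMPLE_INSTALLED);
console.log(JSON.stringify(SAMPLE_FINDINGS, null, 2));
```

In a real project the `installed` map would be built by reading each `node_modules/<pkg>/package.json`, and `fixedIn` from the advisory entries; running the check in CI catches the case where a resolution is added to package.json but the lockfile is not regenerated.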

codecov[bot] commented 2 years ago

Codecov Report

Merging #477 (ea78f69) into master (d2dbe22) will increase coverage by 84.16%. The diff coverage is n/a.

@@             Coverage Diff             @@
##           master     #477       +/-   ##
===========================================
+ Coverage        0   84.16%   +84.16%     
===========================================
  Files           0       62       +62     
  Lines           0     1572     +1572     
  Branches        0      362      +362     
===========================================
+ Hits            0     1323     +1323     
- Misses          0      198      +198     
- Partials        0       51       +51     

NinjaBanjo commented 2 years ago

This is great, but I wonder if there are actually any security issues here?

I think if you read the CVEs on these, they don't apply to most of our cases of running in CI (which is where most of these packages are used).

dkempner commented 2 years ago

I think if you read the CVEs on these, they don't apply to most of our cases of running in CI (which is where most of these packages are used).

I completely agree. And Security even called it out here:

Some of the vulnerabilities make sense only in a backend context (e.g. nodejs) and shouldn't impact Snacks, but given this is a public repo - I think it's worth the effort to address them.

I'm fine to put this in the bin.