Security - Bumps lodash@^4.17.21 for critical security patch

[sforsberg]

Bumps lodash@^4.17.21 to patch a critical security vulnerability in the current hoisted version 4.17.19.

NOTE: Uses a minor semver to allow lodash to be easily bumped for future minor and patch versions. If this is preferred not to be used, I can revert this to a fixed version.

Resolves: #650

[sforsberg]

I may actually bump a few other dependencies in particular, most oc-* deps can likely be updated to use a minor semver ~and async is still pulling in [email protected].~ (Disregard async, [email protected] resolves the lodash vulnerability.)

Any objections to do that?