Hi @kosgrz
So far, the following dependent npm packages are found to be vulnerable. Request you to upgrade the same. The security analysis is still in progress. I will post an update here once it's complete. But meanwhile I thought to give you a heads up on the issues identified so far.
before version 6.5.4 is vulnerable to Cryptographic Issues via the secp256k1 implementation in .
Severity: Moderate
References: https://www.npmjs.com/advisories/1648
Remediation: Upgrade to version 6.5.4 or later
before version 1.3.6 has a Prototype Pollution vulnerability.
Severity: Low
References: https://www.npmjs.com/advisories/1589
Remediation: Upgrade to version 1.3.6 or later.
Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.
Severity: Low
References: https://www.npmjs.com/advisories/1556
Remediation: Upgrade to version 2.6.1 or 3.0.0-beta.9
before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to prototype pollution.
Severity: High
References: https://www.npmjs.com/advisories/1654
Remediation: Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later
Affected versions of are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of , causing the addition or modification of an existing property that will exist on all objects.
Severity: Low
References: https://www.npmjs.com/advisories/1500
Remediation: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
Originally posted by @srkgupta in #5 (comment)
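The prototype pollution class named in several of the advisories above, as an added example that is not part of the original comment or of any affected package: a hypothetical dotted-path option setter, shown unsanitized beside a hardened form that rejects prototype keys. The names `setPathUnsafe`, `setPathSafe` and `pollutes`, and the sample option name, are constructed for illustration.

```javascript
// Added example, not code from any package named in the advisories.
// The setters are hypothetical helpers modelling how an argument parser turns
// a dotted option name such as "--a.b=1" into nested object properties.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unsafe form: walks the dotted path without checking key names, so a path
// that starts with "__proto__" reaches Object.prototype.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened form: rejects prototype-related keys and only descends into
// own properties, so inherited objects are never written to.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new Error(`refusing unsafe key in option path: ${path}`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = Object.create(null);
    }
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Returns true if a fresh, unrelated object shows the polluted property
// after `setter` processes a constructed option name.
function pollutes(setter) {
  try {
    setter({}, '__proto__.polluted', 'yes'); // constructed sample input
  } catch (_) { /* rejected by the hardened setter */ }
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted; // restore global state
  return leaked;
}
```

Upgrading to the fixed versions listed in each advisory remains the remediation; the hardened setter only shows the kind of key check such fixes introduce.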