Workaround another existing security vulnerability in instagram-priva…

…te-api

`instagram-private-api` uses a deprecated version of `request-promise`
which uses a vulnerable version of `lodash`.

We simply force the use of a more recent version of `lodash` as `request-promise`
doesn't use lodash 3.x specific code.

package.json

@@ -21,7 +21,8 @@
     "yargs": "^12.0.2"
   },
   "resolutions": {
-    "instagram-private-api/tough-cookie-filestore/tough-cookie": "^2.3.3"
+    "instagram-private-api/tough-cookie-filestore/tough-cookie": "^2.3.3",
+    "instagram-private-api/request-promise": "^4.2.2"
   },
   "devDependencies": {
     "eslint": "^5.7.0",