Fix security vulnerabilities in lodash and js-yaml

[dktsni]

Describe the bug
After the security fixes on NPM dependencies made by #155 and #156, there still two remaining issues on lodash (< 4.17.13) and js-yaml (< 3.13.1). Those vulnerabilities are in the project because they're included in other dependencies which can't be upgraded.

This issue is here to keep track and make sure that those vulnerabilities will be patched when new versions of dependencies will be available.

Here is some infos on those dependencies :

• html-webpack-plugin : It seems that this vulnerabilities is fixed & merged in master. Will be released in the next version ? (update lodash dependency for prototype polution vulnerability jantimon/html-webpack-plugin#1270)
• inject-loader : Vulnerabilities present because this dependency still use babel v6. Babel has fixed the vulnerability in v7, but this is still not integrated in inject-loader: Add support for Babel 7 plasticine/inject-loader#62
• karma has fixed the lodash vulnerability but it still uses another one which import it (log4js). karma uses a vulnerable version of lodash karma-runner/karma#3349
• Eslint has fixed this vulnerability in version 6, but can't be upgraded in ARA due to the lack of support of it in the dependency eslint-vue-plugin : ESLint 6 compatibility vuejs/eslint-plugin-vue#920

To Reproduce

1. Go in the client/ folder
2. Do a npm ls lodash and npm ls js-yaml.

Expected behavior
All the vulnerabilities are patched.

Screenshots

Environment
All

[dktsni]

Remove from 4.1.0 scope. Those points have evolved.