Security issue

[brettz9]

The new npm audit feature, which alerts one to security warnings on dependencies, indicates a high risk denial of service issue with the dependency on saucelabs which had a bad version of https-proxy-agent as a dependency.

Also, the dependency on lodash before 4.17.5 was subject to prototype pollution, and grunt-saucelabs is relying upon this version in two ways:

1. by relying on lodash as a direct dependency using the tilde (only accepting patch updates) above 4.13.1) .
2. by relying on requestretry (which relies on fg-lodash which relies on lodash) using the tilde (only accepting patch updates) above 1.9.0).

Upgrading to the latest versions should fix all of these issues. (There are a number of security issues when doing an audit against a local install of grunt-saucelabs, but the above are the only ones I'm seeing as a dependency.)

While I could submit a PR to upgrade these, I am getting errors when trying to run npm test, so I'm not sure whether upgrades would break anything.

I know you're not actively maintaining, @axemclion , but could you look into this both as it is security -related, and because I'm trying to get rid of the issues for the sake of IndexedDBShim as well?

[gcbw]

#230

[brettz9]

@axemclion , If you are too busy to maintain, would you mind granting me access to this repo so I could at least merge this security fix or such?

[digitalfrost]

Pull request: to update saucelabs and lodash versions to fix security vulnerabilities #231