fix: package.json & package-lock.json to reduce vulnerabilities (#6784)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746

package.json

@@ -42,7 +42,7 @@
     "jsonwebtoken": "8.5.1",
     "jwks-rsa": "1.8.0",
     "ldapjs": "2.0.0",
-    "lodash": "4.17.15",
+    "lodash": "4.17.16",
     "lru-cache": "5.1.1",
     "mime": "2.4.6",
     "mongodb": "3.5.8",