security: measure-text security vulnerability

[matt-d-rat]

Snyk identified an security vulnerability in an upstream dependency of measure-text@0.0.4, as noted by other users here: FormidableLabs/measure-text#5.

Prototype Pollution

• Vulnerable module: lodash.merge
• Introduced through: measure-text@0.0.4
• Path: react-middle-truncate@1.0.0 › measure-text@0.0.4 › lodash.merge@4.6.1
• CVE-2018-3721

The issue is still outstanding, so in the interim I will import the measure-text dependent code into the react-middle-truncate repo until this issue is resolved.