upgrade npm packages because of lodash vulnerability

[PieterGit]

see https://npmjs.com/advisories/782

After integration of minimed-connect-to-nightscout into Nightscout. I get the following npm security warning:

$ npm audit
                       === npm audit security report ===
# Run  npm update lodash --depth 2  to resolve 1 vulnerability
  Moderate        Prototype Pollution
  Package         lodash
  Dependency of   minimed-connect-to-nightscout
  Path            minimed-connect-to-nightscout > lodash
  More info       https://npmjs.com/advisories/782

Since Nightscout 0.11 the Nightscout release policy is not to release versions with known security issues.
As I'm not a minimed-connect-to-nightscout user, I can't test this. I'm just providing the PR for the community sake.

@mddub Can you please review, test and merge this PR and release a new version.

[PieterGit]

Note that this PR also does a major update of the mocha package.
I only tested that this PR still passes all its tests, but didn't do any code changes for mocha.

[mddub]

lgtm if tests pass.

[mddub]

Just updated to v1.2.2 in 83f8d46 and published to npm (I made a mistake in publishing v1.2.1, so skip that one).