The version bumps are a result of running npm audit, which found
3 security issues in previous versions of our dependencies.
Also add 'package-lock.json' to the repo, it's a common practice to
check in those files into the repository to get consistent versions of
dependencies when running on different machines.