Upgrade dependencies

[jamesleynorvil]

Context

• Upgrade dependencies Upgrade dependencies #153

Changelog

• Add the latest versions in package.json
• Submit the changes in package-lock.json
• Change db from callback to db = client.db()
• Add the primary depdency list to the readme.md

[lirantal]

We perhaps want to use some packages with specific versions pinned down because they have known vulnerabilities that we can demo with the app so I wouldn't go as far as upgrading this without taking note what's exactly being used.

[ckarande]

@jamesleynorvil Welcome to the project and thanks for your contribution 👍

@lirantal It is a good idea to demo the issue related dangers of using packages with known vulnerabilities. The existing tutorial page for the A9 risk contains an example of how to exploit an insecure version of the marked package. So it makes sense to retain the older version of it as per the latest commit from @jamesleynorvil. When you have a bandwidth, can you review the tutorial page contents and suggest in case we can improve it further.

[UlisesGascon]

Welcome @jamesleynorvil!

Thanks @lirantal and @ckarande for your feedback on the dependencies. I agree with you too, We need to look together for vulnerabilities patched. Right now there is no automated way to test the vulnerabilities. I expect something for that soon (Migration to purpleteam suggested by @binarymist in issue #142 at #148), we can freeze this PR until then if we want to avoid the manual review.

[UlisesGascon]

@jamesleynorvil I will re-integrate this change once #187 has been merged