Security vulnerability with deep-defaults dependency

[joshua-holmes]

Hello, there is a CVE open for a security vulnerability in deep-defaults up to and including v1.0.5, which is the latest version. The deep-defaults npm page states that the project is deprecated and shows a message from the author, "not actively maintained; find alternatives." Since deep-defaults is no longer maintained and has a security vulnerability, it should be swapped out.