1.25.0-0.4.2: [chore] patch vulnerabilities (#553)

* Use yarn resolutions to patch vulnerable deps
* Add additional resolutions to fix vulns
* toruslabs updated torus-embed to include the security fixes
* Remove torus from yarn resolutions as they were fixed in the update

Author: taylorjdawson

package.json

@@ -1,6 +1,6 @@
 {
   "name": "bnc-onboard",
-  "version": "1.25.0-0.3.2",
+  "version": "1.25.0-0.4.2",
   "description": "Onboard users to web3 by allowing them to select a wallet, get that wallet ready to transact and have access to synced wallet state.",
   "keywords": [
     "ethereum",
@@ -59,7 +59,7 @@
     "@ledgerhq/hw-app-eth": "^5.49.0",
     "@ledgerhq/hw-transport-u2f": "^5.21.0",
     "@portis/web3": "^4.0.0",
-    "@toruslabs/torus-embed": "^1.9.2",
+    "@toruslabs/torus-embed": "^1.10.11",
     "@walletconnect/web3-provider": "^1.4.1",
     "authereum": "^0.1.12",
     "bignumber.js": "^9.0.0",
@@ -77,5 +77,10 @@
     "trezor-connect": "^8.1.9",
     "walletlink": "^2.1.0",
     "web3-provider-engine": "^15.0.4"
+  },
+  "resolutions": {
+    "authereum/web3-utils/underscore": "^1.12.1",
+    "authereum/ethers/elliptic": "^6.5.3",
+    "@portis/web3/pocket-js-core/axios": "^0.21.1"
   }
 }