fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239

Author: snyk-bot

package.json

@@ -168,7 +168,7 @@
     "npmlog": "^2.0.4",
     "opn": "^3.0.2",
     "optimist": "^0.6.1",
-    "plist": "^1.2.0",
+    "plist": "^2.0.1",
     "promise": "^7.1.1",
     "react-clone-referenced-element": "^1.0.1",
     "react-timer-mixin": "^0.13.2",
@@ -190,7 +190,7 @@
     "worker-farm": "^1.3.1",
     "write-file-atomic": "^1.2.0",
     "ws": "^1.1.0",
-    "xcode": "^0.8.9",
+    "xcode": "^0.9.3",
     "xmldoc": "^0.4.0",
     "yargs": "^6.4.0"
   },