xml-crypto 0.8.0 is an insecure transitive dependency

This project depends on `soap` `0.25.0`, which depends on an insecure version of `xml-crypto`. 

Updating the dependency of `soap` to at least `0.35` would resolve the issue, as that's the version where `soap` updates its `xml-crypto` dep:

https://github.com/vpulim/node-soap/blob/master/History.md