Update string npm package vulnerability

[scottwalstead]

https://nodesecurity.io/advisories/536

Fix has not been merged into master yet so we need to wait

jprichardson/string.js#217

[Varomir]

We are going to remove dependency with string library at js-sdk version 3.0.0 at all.
Here is the PR: #42