Bump lodash and gh-release

[dependabot[bot]]

Bumps lodash to 4.17.21 and updates ancestor dependency gh-release. These dependencies need to be updated together.

Updates lodash from 4.17.20 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• See full diff in compare view

Updates gh-release from 1.1.8 to 6.0.4

Release notes

Sourced from gh-release's releases.

v6.0.4

Changed

• pkg(engines): set min node to 12
  • note: minimum node was already 12 as of v6.x, this just updates requirement in package.json
• deps: gauge@^v4.0.4 (#169)

Misc

• minor (cosmetic) doc updates

v6.0.3

Changed

• deps: rm chalk (#163)
• deps(dev): rm live-server, tap-spec, use serve (#162)

v6.0.2

Note: this repo has moved from https://github.com/hypermodules/gh-release to https://github.com/ungoldman/gh-release. @​ungoldman is the original author and the same people that have been maintaining gh-release will continue to do so. The move was made because the hypermodules org is being retired.

Changed

• Repo ownership changed! Updated links. ungoldman/gh-release#161
• Update gauge to ^4. ungoldman/gh-release#147

v6.0.1

Changed

• Re-read package.json when creating releases. hypermodules/gh-release#137
• Update gauge to ^3. hypermodules/gh-release#136

v6.0.0

Changed

• BREAKING CHANGE: upgrade to Yargs 17. Node 10 is definitely EOL and not supported now.

v5.0.2

Changed

• Roll back to yargs@16 due to introduced breaking changes.

v5.0.1

Changed

• Allow unreleased CHANGELOG section if all subsections are empty (#128) - thanks @​leviathan747

v5.0.0

• A release of 4.0.5-beta.0 as a breaking change
• BREAKING CHANGE: new underlying request library (@​octokit/rest) in use to fix edge case where releases would time out.
• No API changes, it should be safe to upgrade, but there is a risk of new bugs. Please update at your convenience.

v4.0.5-beta.0

• Replace simple-get with @octokit/rest. This should fix some spurious timeout bugs.

... (truncated)

Changelog

Sourced from gh-release's changelog.

6.0.4 - 2022-04-14

Changed

• pkg(engines): set min node to 12
• deps: gauge@^v4.0.4 (#169)

Misc

• minor (cosmetic) doc updates

6.0.3 - 2022-03-15

Changed

• deps: rm chalk (#163)
• deps(dev): rm live-server, tap-spec, use serve (#162)

6.0.2 - 2022-03-14

Note: this repo has moved from https://github.com/hypermodules/gh-release to https://github.com/ungoldman/gh-release. @​ungoldman is the original author and the same people that have been maintaining gh-release will continue to do so. The move was made because the hypermodules org is being retired.

Changed

• Repo ownership changed! Updated links. ungoldman/gh-release#161
• Update gauge to ^4. ungoldman/gh-release#147

6.0.1 - 2021-09-20

Changed

• Re-read package.json when creating releases. ungoldman/gh-release#137
• Update gauge to ^3. ungoldman/gh-release#136

6.0.0 - 2021-05-20

Changed

• BREAKING CHANGE: upgrade to Yargs 16. Node 10 is definitely EOL and not supported now.

5.0.2 - 2021-05-20

Changed

• Roll back to yargs@16 due to introduced breaking changes.

5.0.1 - 2021-05-18

Changed

• Allow unreleased CHANGELOG section if all subsections are empty (#128) - thanks @​leviathan747

5.0.0 - 2021-01-16

... (truncated)

Commits

• 591b8a9 6.0.4
• 5f25872 docs(changelog): fix date & URL for 6.0.4
• 4d3e2ca docs: changelog@6.0.4
• 8160275 pkg(engines): set min to 12
• fad6563 deps(dev): use tap-arc
• e5e5b65 rm npmrc (#171)
• b626f4a docs: ditch demo.png, update CLI example
• 03b352b docs: fix img copy
• 6ac6b3f docs(readme): update images (#170)
• 374e024 chore(deps): update gauge requirement from ^v4.0.3 to ^v4.0.4 (#169)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ungoldman, a new releaser for gh-release since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Esri/calcite-colors/network/alerts).