johnpapa / lite-server

Lightweight node server
MIT License
2.31k stars 267 forks

lodash Security Issue (NPM Dependency) #152

Closed stelgenhof closed 5 years ago

stelgenhof commented 5 years ago

lodash has been patched to resolve a security issue. This issue has been patched in version 4.17.13 of lodash, so can you please update the dependency?

Thanks! From GitHub:

CVE-2019-10744 (https://github.com/lodash/lodash/pull/4336)

high severity

Vulnerable versions: < 4.17.13

Patched version: 4.17.13

Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

stelgenhof commented 5 years ago

@johnpapa Ping!

johnpapa commented 5 years ago

Running security fixes now.