klei / gulp-inject

A javascript, stylesheet and webcomponent injection plugin for Gulp
MIT License

High vulnerability from set-value #261

Closed TheoMugnier closed 5 years ago

TheoMugnier commented 5 years ago

🚫 Pinning group-array to 0.3.3 led to a high vulnerability! 🚫 So this can't be considered a permanent fix (fixed in 0.3.4 of group-array) (Merged PR: https://github.com/klei/gulp-inject/pull/258)

From npm audit security report:

```
High            Prototype Pollution
Package         set-value
Patched in      >=2.0.1 <3.0.0 || >=3.0.1
Dependency of   gulp-inject
Path            gulp-inject > group-array > union-value > set-value
More info       https://npmjs.com/advisories/1012
```
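As an added example (not code from gulp-inject or its maintainers), the following checks whether an installed set-value version falls inside the "Patched in" range quoted in the audit report above. The range parser supports only the comparator forms that range uses; the `isPatched` helper and its sample inputs are constructed for illustration.

```javascript
// Range quoted in the npm audit report for set-value (advisory 1012).
const PATCHED_IN = '>=2.0.1 <3.0.0 || >=3.0.1';

// Parse "MAJOR.MINOR.PATCH" into an array of three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Lexicographic comparison of two parsed versions: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// A range is a list of alternatives joined by "||"; each alternative is a
// whitespace-separated list of comparators (>=, <=, >, <) that must all hold.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split('||').some(alt =>
    alt.trim().split(/\s+/).every(cmp => {
      const m = /^(>=|<=|>|<)(\d+\.\d+\.\d+)$/.exec(cmp);
      if (!m) throw new Error(`unsupported comparator: ${cmp}`);
      const c = compare(v, parseVersion(m[2]));
      return { '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0 }[m[1]];
    })
  );
}

// True when the installed set-value version is inside the patched range,
// i.e. when the advisory no longer applies to it.
function isPatched(installedVersion, patchedIn = PATCHED_IN) {
  return satisfies(installedVersion, patchedIn);
}

// Constructed sample: versions an audit might report along the
// gulp-inject > group-array > union-value > set-value path.
for (const v of ['0.4.3', '2.0.0', '2.0.1', '3.0.0', '3.0.1']) {
  console.log(`set-value@${v}: ${isPatched(v) ? 'patched' : 'VULNERABLE'}`);
}
```

To run this against a real install, read the `version` field from `node_modules/set-value/package.json` and pass it to `isPatched`.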

joakimbeng commented 5 years ago

:tada: This issue has been resolved in version 5.0.4 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

yeaske commented 5 years ago

Just an FYI as I'm not sure if the version I'm using is deprecated. I am using gulp-inject@4.3.2 and in the latest npm install it replaced group-array@0.3.3 with group-array@0.3.4. ["group-array": "^0.3.0"]. This has caused the src stream consumption in inject to fail as it just takes the last element of the stream. I was able to fix this by moving back to group-array@0.3.3.