vercel / nextjs-portfolio-starter

Easily create a portfolio with Next.js and Markdown.
https://demo.vercel.blog
664 stars 263 forks

Command Injection Affecting lodash package, versions <4.17.21 #3

Closed marcelomatz closed 2 years ago

marcelomatz commented 3 years ago

Hello everyone. I identified that this repository uses Lodash in a version that has a security vulnerability.

Here is more information about this vulnerability: https://app.snyk.io/vuln/SNYK-JS-LODASH-1040724

In the Lodash repository there is a commit that talks about: Prevent command injection through _.template's variable option https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c

I think that this vulnerability could jeopardize some applications that are using the NextJS Portfolio Starter.

leerob commented 2 years ago

I don't see that value being used in the lockfile for the latest dependency upgrade 👍

https://github.com/vercel/nextjs-portfolio-starter/pull/9
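A way to verify the point made about the lockfile, as an added example that is not code from the repository or from this thread: it walks a parsed package-lock.json (lockfileVersion 1 nested `dependencies` as well as v2/v3 `packages`) and reports every resolved copy of lodash below 4.17.21, the first version outside the affected range named in the issue title. The sample lockfile object is constructed for the demonstration.

```javascript
// Added example (not from vercel/nextjs-portfolio-starter): find lodash copies
// in a package-lock.json object that are still below the fixed release.
const FIXED_LODASH = "4.17.21";

// Compare two dotted versions numerically (pre-release tags ignored); -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Collect every resolved lodash entry, keyed by its node_modules path so a
// v2 lockfile (which carries both "dependencies" and "packages") is not double-counted.
function findLodashVersions(lock) {
  const found = new Map();
  const walkV1 = (deps, parent) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = parent ? `${parent}/node_modules/${name}` : `node_modules/${name}`;
      if (name === "lodash") found.set(here, meta.version);
      walkV1(meta.dependencies, here); // nested (un-hoisted) copies live here
    }
  };
  walkV1(lock.dependencies, "");
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/lodash")) found.set(path, meta.version);
  }
  return [...found].map(([path, version]) => ({ path, version }));
}

// Entries whose version is still below the fixed release.
function vulnerableLodash(lock) {
  return findLodashVersions(lock).filter(e => compareVersions(e.version, FIXED_LODASH) < 0);
}

// Constructed sample: a hoisted fixed copy plus a stale copy nested under a plugin.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: "4.17.21" },
    "some-plugin": { version: "1.0.0", dependencies: { lodash: { version: "4.17.15" } } },
  },
};

console.log(vulnerableLodash(SAMPLE_LOCK));
```

Pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample to check a real project; an empty result means no lodash copy in the lockfile is in the affected range.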