update lodash to v4.17.20

[SigurdMW]

• Operating System: All
• Cypress Version: @cypress/webpack-preprocessor@5.4.4
• Browser Version: n/a

Is this a Feature or Bug?

Bug, lodash 4.17.19 is vulnerable to Prototype pollution according to snyk: https://app.snyk.io/vuln/SNYK-JS-LODASH-590103

Current behavior:

Desired behavior:

Update package to lodash 4.17.20

How to reproduce:

Additional Info (images, stack traces, etc)

[jennifer-shehane]

PR: #105

[berickson1]

@jennifer-shehane - would you consider switching to using caret syntax for dependencies ("lodash": "^4.17.20")? That would allow consumers to upgrade things like lodash manually when vulnerabilities are found. Without pulling in the latest version of this module, we're stuck on an older version of lodash by default (due to yarn lockfile de-duplication yarn-deduplicate --strategy fewer)

[jennifer-shehane]

Yes, we did this for our main Cypress project already.

[jennifer-shehane]

@berickson1 PR here #107

[chrisbreiding]

🎉 This issue has been resolved in version 5.4.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀