Update lodash to 4.7.14 and lodash.mergewith to 4.6.2
lodash
https://www.npmjs.com/package/lodash
Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Affected versions: < 4.17.13
lodash.mergewith
https://www.npmjs.com/package/lodash.mergewith
Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Affected versions: < 4.6.2