
dependency version of lodash (4.17.4) vulnerable #6

Open
DronNick opened this issue Oct 1, 2020 · 1 comment

Comments

@DronNick

DronNick commented Oct 1, 2020

I just updated arc4's dependency on lodash from version 4.17.4 to version 4.17.20 without any problems, since npm complained after installing arc4 (see below).

I'm not sure if it is safe to fix package.json here; for me it had no disadvantages.

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   arc4

  Path            arc4 > lodash

  More info       https://npmjs.com/advisories/577


  High            Prototype Pollution

  Package         lodash

  Patched in      >=4.17.11

  Dependency of   arc4

  Path            arc4 > lodash

  More info       https://npmjs.com/advisories/782


  High            Prototype Pollution

  Package         lodash

  Patched in      >=4.17.12

  Dependency of   arc4

  Path            arc4 > lodash

  More info       https://npmjs.com/advisories/1065


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.19

  Dependency of   arc4

  Path            arc4 > lodash

  More info       https://npmjs.com/advisories/1523

found 4 vulnerabilities (2 low, 2 high) in 3 scanned packages
  4 vulnerabilities require manual review. See the full report for details.
@victorocna

I second this!

Is it possible for the author to update this wonderful package?

Thanks a lot
