⬆️ Updates lodash to v4.17.21 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
lodash (source)	4.17.20 -> 4.17.21

GitHub Vulnerability Alerts

CVE-2020-28500

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Steps to reproduce (provided by reporter Liyuan Chen):

var lo = require('lodash');

function build_blank(n) {
    var ret = "1"
    for (var i = 0; i < n; i++) {
        ret += " "
    }
    return ret + "1";
}
var s = build_blank(50000) var time0 = Date.now();
lo.trim(s) 
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);
var time1 = Date.now();
lo.toNumber(s) var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);

CVE-2021-23337

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

---

Release Notes

lodash/lodash (lodash)

v4.17.21

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge, however this is not possible so it has been raised as a PR instead.

---

• Branch has one or more failed status checks

[changelogg]

Hey! Changelogs info seems to be missing or might be in incorrect format.
Please use the below template in PR description to ensure Changelogg can detect your changes:
- (tag) changelog_text
or
- tag: changelog_text
OR
You can add tag in PR header or while doing a commit too
(tag) PR header
or
tag: PR header
Valid tags: added / feat, changed, deprecated, fixed / fix, removed, security, build, ci, chore, docs, perf, refactor, revert, style, test
Thanks!
For more info, check out changelogg docs

[viezly]

Pull request by bot. No need to analyze

[github-actions]

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

[github-actions]

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.