Bump lodash and dependency-cruiser

[dependabot]

Bumps lodash to 4.17.21 and updates ancestor dependencies lodash, lodash and dependency-cruiser. These dependencies need to be updated together.

Updates lodash from 4.17.20 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• See full diff in compare view

Updates lodash from 4.17.15 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• See full diff in compare view

Updates dependency-cruiser from 5.5.0 to 12.12.1

Release notes

Sourced from dependency-cruiser's releases.

v12.12.1

🐛 fixes

• 168e025a fix(enrich): adds used tsconfig to options used + adds it & babelConfig, webpackConfig to IConfiguration type (#805) (backport from v13)

📖 documentation

• e3cb9272 fix(types): adds mainFields and mainFiles to the enhancedResolveOptions in ICruiseOptions (backport from v13)

👷 maintenance

• 64157568 build(npm): updates external devDependencies
• 087fe8ed doc(report): corrects description of the null reporter (backport from v13

🔏 shasum of the package as published on npmjs: 6131ff18b737df25c41bdfdfbfe4eb3610cbf358

v12.12.0

📯 We'll soon be releasing dependency-cruiser v13, which is in beta right now.

• If you want to test v13 beta: you're welcome to! Add dependency-cruiser@beta to your development dependencies.
• see #794 for details & as a thread to post findings regarding v13.

Meanwhile here's still a v12 release. Most of the items are back-ports from the v13 beta - it might be a while before v13 is out of beta, and these items will be useful for users of v12 as well.

✨ features

• 3108902f feature(progress): moves times closer to message in performance-log (back-port)
• 489f9cf8 feature(report): adds a 'null' reporter (back-port)

🐛 fixes

• 6c5dc62d bugfix(cache): handles empty known violations arrays (back-port)
• 9ebfc4fc fix(schema|types): adds null reporter to schema and types (back-port)
• deb7266a fix(schema|types): adds 'checksum' attribute to the module schema (#803) (back-port)

👷 maintenance

♻️ life cycle management

• 945f4a9f build(npm): updates external dependencies

🏗️ ci & dx

• be49230f chore: makes yarn --silent by default (back-port)
• f13beb18 chore: snoozes nodejs module warnings while running tests (back-port)

🔏 shasum of the package as published on npmjs: 99810305b444a94d18dd07550f4e4f84e6366aee

v12.11.3

... (truncated)

Commits

• 00c3f4c 12.12.1
• 6415756 build(npm): updates external devDependencies
• 087fe8e doc(report): corrects description of the null reporter
• e3cb927 fix(types): adds mainFields and mainFiles to the enhancedResolveOptions in IC...
• 168e025 fix(enrich): adds used tsconfig to options used + adds it & babelConfig, webp...
• 3d5b2b4 12.12.0
• be49230 chore: makes yarn --silent by default (backport)
• 945f4a9 build(npm): updates external dependencies
• 6c5dc62 bugfix(cache): handles empty known violations arrays (backport)
• 3108902 feature(progress): moves times closer to message in performance-log (backport)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.