npm audit reporting vulnerable version of lodash #258

@thidlay

It looks like blue-button is depending on lodash version ^3.10.0. Could the dependency be updated to a more recent version of lodash?

Running "npm audit" reports a vulnerability with this version:

                   === npm audit security report ===                        
                                                                            
                                                                            
                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             
                                                                            
      Visit https://go.npm.me/audit-guide for additional guidance           

Moderate Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of blue-button

Path blue-button > blue-button-model > lodash

More info https://npmjs.com/advisories/782

Moderate Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of blue-button

Path blue-button > blue-button-xml > lodash

More info https://npmjs.com/advisories/782

Moderate Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of blue-button

Path blue-button > lodash

More info https://npmjs.com/advisories/782

Low Prototype Pollution

Package lodash

Patched in >=4.17.5

Dependency of blue-button

Path blue-button > blue-button-model > lodash

More info https://npmjs.com/advisories/577

Low Prototype Pollution

Package lodash

Patched in >=4.17.5

Dependency of blue-button

Path blue-button > blue-button-xml > lodash

More info https://npmjs.com/advisories/577

Low Prototype Pollution

Package lodash

Patched in >=4.17.5

Dependency of blue-button

Path blue-button > lodash

More info https://npmjs.com/advisories/577

found 6 vulnerabilities (3 low, 3 moderate)
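An added example, not part of the issue or of the blue-button project: it groups the six findings above by the package that directly pulls in lodash, and checks whether the `^3.10.0` range named in the issue can ever resolve to a patched release. The function names are hypothetical, the findings are transcribed from the report, and the caret handling is a simplification that covers only major versions 1 and up.

```javascript
// Findings transcribed from the audit report above: dependency path and "Patched in" floor.
const findings = [
  { advisory: 782, path: 'blue-button > blue-button-model > lodash', patchedIn: '4.17.11' },
  { advisory: 782, path: 'blue-button > blue-button-xml > lodash', patchedIn: '4.17.11' },
  { advisory: 782, path: 'blue-button > lodash', patchedIn: '4.17.11' },
  { advisory: 577, path: 'blue-button > blue-button-model > lodash', patchedIn: '4.17.5' },
  { advisory: 577, path: 'blue-button > blue-button-xml > lodash', patchedIn: '4.17.5' },
  { advisory: 577, path: 'blue-button > lodash', patchedIn: '4.17.5' },
];

const parse = (v) => v.split('.').map(Number);

// Three-part numeric version comparison: -1, 0 or 1.
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};

// Exclusive upper bound of a caret range: ^3.10.0 means >=3.10.0 <4.0.0.
// Simplification (assumption): 0.x caret ranges follow different rules and are rejected.
function caretUpperBound(range) {
  const [major] = parse(range.replace(/^\^/, ''));
  if (major < 1) throw new Error('0.x caret ranges are not handled here');
  return `${major + 1}.0.0`;
}

// The range can pick up the fix only if the patched floor lies below its upper bound.
const caretCanReach = (range, patchedIn) => cmp(patchedIn, caretUpperBound(range)) < 0;

// For each package that directly declares lodash, the lowest version clearing every advisory.
function requiredFloors(list) {
  const floors = {};
  for (const { path, patchedIn } of list) {
    const hops = path.split(' > ');
    const owner = hops[hops.length - 2]; // the package just before lodash in the path
    if (!floors[owner] || cmp(patchedIn, floors[owner]) > 0) floors[owner] = patchedIn;
  }
  return floors;
}

const floors = requiredFloors(findings);
console.log(floors);
console.log('^3.10.0 can reach the fix:', caretCanReach('^3.10.0', floors['blue-button']));
```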
