Update dependencies to prevent audit warnings

[digitalica]

This PR updates dependencies. Most importantly lodash, to prevent audit warnings.

Before: found 11 vulnerabilities (2 low, 5 moderate, 3 high, 1 critical) in 174 scanned packages
After: found 0 vulnerabilities (better, right?)

As lodash is an important part of htmlprocessor, there may be functionality changes (!)

Test added for the template prototype method in htmlprocessor.js (line 120) as it is used by dependencies, was not tested, and params changed by lodash. This is one obvious functionality change.

[coveralls]

Coverage remained the same at 100.0% when pulling 7609279 on digitalica:master into 87ceb35 on dciccale:master.

[jacquerie]

Nice! I was going to submit master...jacquerie:bump-deps-for-security as a PR, but I see that you've done the same thing in a superior way.

[digitalica]

thanks.... looks i was a little more complete, in also updating the template function. It should be deprecated I think: people who use it probably should use their own underscore.... Anyway. Fix done ;-)

…

On Tue, Dec 18, 2018 at 5:53 PM Jacopo Notarstefano < ***@***.***> wrote: Nice! I was going to submit master...jacquerie:bump-deps-for-security <master...jacquerie:bump-deps-for-security> as a PR, but I see that you've done the same thing in a superior way. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#29 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACo2a0sBjhJxMIj8DouHbj4ZmY2QgIrAks5u6R2XgaJpZM4ZRog9> .

-- Robbert Wethmar Digitalica Jan Evertsenstraat 144 A4 1056 EK Amsterdam phone 020 8932884 mobile 06 53804879 skype rwethmar

[steveblue]

@dciccale please merge and version bump to avoid security warnings

[airgun2062]

@digitalica would you be commiting your last pull request to fix audit issues
?

[mrvdot]

@dciccale Any chance this can get merged soon?

[dciccale]

published 0.3.1