fix(deps): Update dependency lodash to version 4.17.14 🌟

[renovate]

close #4743

This PR contains the following updates:

Package	Type	Update	Change
lodash (source)	dependencies	patch	4.17.13 -> 4.17.14
lodash (source)	devDependencies	patch	4.17.13 -> 4.17.14

---

Release Notes

lodash/lodash

v4.17.14

Compare Source

---

Renovate configuration

📅 Schedule: "before 3am on the first day of the month" in timezone America/New_York.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot. View repository job log here.

[toymachiner62]

Do we know what release this will be in? Cyrpess 3.4.0 is running a version of lodash (lodash@4.17.11) which snyk is giving me a vulnerability on and i'd like to patch as soon as available.

[jennifer-shehane]

@toymachiner62 You can run npm audit fix to fix the 'vulnerable' dependencies. We prefer locking dependencies so we know exactly what versions our users are using and ensure it works on these exact versions before publishing.

But also Cypress is immune to most if not all security vulnerabilities because its locally run software - not a web server hosted in the cloud, so this security issue doesn't even apply and is low priority for us.

[jimmyandrade]

@jennifer-shehane when I run npm audit fix I find this:

fixed 0 of 1 vulnerability in 905229 scanned packages
  1 vulnerability required manual review and could not be updated

So... waiting for next patch release.

[msxavi]

Same as @jimmyandrade here. Will the release target be a patch or a minor upgrade?
Thanks!

[jennifer-shehane]

We're working on a patch release, instead of waiting for next feature release.

[jennifer-shehane]

Released in 3.4.1.