security issue

[liyokuna]

Hello,

I am using the latest release of this package on my Angular project. Recently, I received some warning messages about two of your dependencies that needed to be updated in order to match security requirement.

Here is a the list :

Package underscore.string

Patched in >=3.3.5

Dependency of font-loader [dev]

Path font-loader > ttf2eot > argparse > underscore.string

More info https://nodesecurity.io/advisories/745

Package lodash

Patched in >=4.17.5

Dependency of font-loader [dev]

Path font-loader > svg2ttf > lodash

More info https://nodesecurity.io/advisories/577

It will be great to have another release matching those security expectation. When the next release will be made ?