Bumping lodash version to maintain security

[MgenGlder]

Hello 👋🏾

We'd like to update that version of lodash to 4.17.21 to resolve outstanding security issue. Is this something that can be looked at? @fabulousduck We can open a PR and resolve this for you if you'd like.

cc @meltingice @fabulousduck

edit: Created a pr with the update here: #226

[fabulousduck]

@MgenGlder With regards to the NPM situation, I don't have the credentials to update it myself, @meltingice will have to do that. But he has been MIA from this project for a long time now so I would not get my hopes up. If he does however want to bump this repo to the npm repo, that would be great :).

As for your PR, the testing of a PR is for the creator of the PR to do. So once you can confirm to me that you have tested your change and does not break anything, I will be more than happy to merge the PR you have linked.

[MgenGlder]

@fabulousduck Fair enough, I can confirm we've tested the PR to the best of our ability. I was running into issues running the compilation scripts, I'm thinking it's because of how outdated the buildscripts/configuration are with the latest coffeescript compiler.I also noticed that the source controlled repo doesn't seem to match the latest version in NPM. As far as I'm aware the PR is good to go.

Do you have any context on this?

It seems the latest version of psd.js available on npm doesn't match what's shown in the releases in this repo.
After a fresh install I see this:

[MgenGlder]

@fabulousduck Managed to figure it out! There's a very similarly named package psd.js which seems to be forked and is authored by an entirely separate party. We have to be careful and have people understand this package represents psd and not any of the forks like psd.js etc.

[MgenGlder]

Seems like bumping the version introduces a small regression. _.any no longer exists, we can use _.some instead.

[MgenGlder]

@fabulousduck 👋🏾 Going to go ahead and merge this guy. I've verified the PSD rendering functionality still works. Should be a good win in getting this project out of security vulnerability pergatory.