Bump lodash from 2.4.2 to 4.17.19 in /tosort/2014/incubator/sample_module#241

Bumps [lodash](https://github.com/lodash/lodash) from 2.4.2 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> <h2>4.0.0</h2> <h1><a href="https://github.com/lodash/lodash/wiki/Changelog#v400">lodash v4.0.0</a></h1> <p>2015 was big year! <a href="https://lodash.com/">Lodash</a> became the <a href="https://gist.github.com/anvaka/8e8fa57c7ee1350e3491#file-01-most-dependent-upon-md">most depended on</a> npm package, passed <a href="http://npm-stat.com/charts.html?package=&amp;author=jdalton">1 billion</a> downloads, &amp; its v3 release saw massive adoption!</p> <p>The year was also one of collaboration, as discussions began on <a href="https://github-redirect.dependabot.com/underdash/underdash/issues/14">merging Lodash &amp; Underscore</a>. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 <strong>would not be possible</strong> without the collaboration &amp; contributions of the Underscore core team. In the spirit of merging our teams have blended with <a href="https://github.com/orgs/lodash/people">several members</a> contributing to both libraries.</p> <p>For 2016 &amp; <a href="https://github.com/lodash/lodash/wiki/Changelog#v400">lodash v4.0.0</a> we wanted to cut loose, push forward, &amp; take things up a notch!</p> <h2>Modern only</h2> <p>With v4 we’re breaking free from <a href="https://github.com/lodash-archive">old projects</a>, old environments, &amp; dropping <a href="https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support">old IE &lt; 9 support</a>!</p> <h2>4 kB Core</h2> <p>Lodash’s kitchen-sink size will continue to grow as new methods &amp; functionality are added. However, we now offer a 4 kB (gzipped) <a href="https://github.com/lodash/lodash/tree/4.0.0/dist">core build</a> that’s compatible with <a href="https://github-redirect.dependabot.com/jashkenas/backbone/issues/3839">Backbone v1.2.4</a> for folks who want Lodash without lugging around the kitchen sink.</p> <h2>More ES6</h2> <p>We’ve continued to embrace ES6 with methods like <a href="https://lodash.com/docs#isSymbol">_.isSymbol</a>, added support for cloning &amp; comparing array buffers, maps, sets, &amp; symbols, converting iterators to arrays, &amp; iterable <code>_(…)</code>.</p> <p>In addition, we’ve published an <a href="https://github.com/lodash/lodash/tree/4.0.0-es/">es-build</a> &amp; pulled <a href="https://github.com/lodash/babel-plugin-lodash">babel-plugin-lodash</a> into core to make tree-shaking a breeze.</p> <h2>More Modular</h2> <p>Pop quiz! 📣</p> <p>What category path does the <code>bindAll</code> method belong to? Is it</p> <p>A) <code>require('lodash/function/bindAll')</code> B) <code>require('lodash/utility/bindAll')</code> C) <code>require('lodash/util/bindAll')</code></p> <p>Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as</p> <pre lang="js"><code>var bindAll = require('lodash/bindAll'); </code></pre> <p>We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like <a href="https://github-redirect.dependabot.com/caolan/async/pull/996">Async</a> &amp; <a href="https://github-redirect.dependabot.com/rackt/redux/pull/611">Redux</a>!</p> <h2>1st Class FP</h2> <p>With v3 we introduced <a href="https://github.com/lodash-archive/lodash-fp">lodash-fp</a>. We learned a lot &amp; with v4 we decided to <a href="https://github.com/lodash/lodash/wiki/FP-Guide">pull it into core</a>.</p> <p>Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/2.4.2...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br /> [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Offirmo/web-tech-experiments/network/alerts). </details>