Description
Hi,
A recent `npm audit` produced the following:

```
lodash  <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install ember-data-hal-9000@0.1.6, which is a breaking change
node_modules/babel-plugin-proto-to-assign/node_modules/lodash
node_modules/ember-data-hal-9000/node_modules/lodash
  babel-core  <=6.9.1
  Depends on vulnerable versions of babel-plugin-proto-to-assign
  Depends on vulnerable versions of lodash
  Depends on vulnerable versions of minimatch
  node_modules/ember-data-hal-9000/node_modules/babel-core
    broccoli-babel-transpiler  <=5.7.4
    Depends on vulnerable versions of babel-core
    node_modules/ember-data-hal-9000/node_modules/broccoli-babel-transpiler
      ember-cli-babel  <=5.2.8
      Depends on vulnerable versions of broccoli-babel-transpiler
      node_modules/ember-data-hal-9000/node_modules/ember-cli-babel
        ember-data-hal-9000  >=0.1.7
        Depends on vulnerable versions of ember-cli-babel
        node_modules/ember-data-hal-9000
  babel-plugin-proto-to-assign  *
  Depends on vulnerable versions of lodash
  node_modules/babel-plugin-proto-to-assign
```
Looks like ember-data-hal-9000 depends on an old version of ember-cli-babel that has vulnerabilities.
Please could the maintainers have a look? I notice that this addon is still getting downloads (150+ in the last month), so likely there are a lot of people using it.
Thanks
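The chain the issue describes (lodash → babel-plugin-proto-to-assign → babel-core → broccoli-babel-transpiler → ember-cli-babel → ember-data-hal-9000) is exactly what `npm audit --json` encodes in its `via` and `effects` fields. The script below is an added example, not code from the issue or from the ember-data-hal-9000 project: it walks an audit report to answer the triage question "which of my direct dependencies is responsible for this vulnerable package, and is the available fix a breaking change?", and returns a pass/fail verdict a CI job could act on. The `report` object is constructed from the audit output quoted above and trimmed to the fields the walker uses; marking ember-data-hal-9000 as the only direct dependency (and babel-plugin-proto-to-assign as hoisted, not direct) is an assumption, since the audit text alone does not say which root-level packages are in `package.json`.

```javascript
// Added example (not the issue's or the project's code): triage an
// `npm audit --json` report (auditReportVersion 2 shape) offline.
// CONSTRUCTED report, modelled on the audit output quoted in the issue and
// trimmed to the fields used below. Advisory objects in `via` mean the
// package is vulnerable itself; string entries mean it is only affected
// through a dependency. `effects` lists the packages that depend on it.
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: {
      name: 'lodash', severity: 'critical', isDirect: false, range: '<=4.17.20',
      via: [
        { title: 'Prototype Pollution in lodash', url: 'https://github.com/advisories/GHSA-jf85-cpcp-j695' },
        { title: 'Command Injection in lodash', url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm' },
        { title: 'Regular Expression Denial of Service (ReDoS) in lodash', url: 'https://github.com/advisories/GHSA-29mw-wpgm-hmr9' },
      ],
      effects: ['babel-plugin-proto-to-assign', 'babel-core'],
      nodes: [
        'node_modules/babel-plugin-proto-to-assign/node_modules/lodash',
        'node_modules/ember-data-hal-9000/node_modules/lodash',
      ],
      fixAvailable: { name: 'ember-data-hal-9000', version: '0.1.6', isSemVerMajor: true },
    },
    // isDirect for the entries below is an ASSUMPTION (see lead-in).
    'babel-plugin-proto-to-assign': { name: 'babel-plugin-proto-to-assign', severity: 'critical', isDirect: false, via: ['lodash'], effects: ['babel-core'] },
    'babel-core': { name: 'babel-core', severity: 'critical', isDirect: false, via: ['babel-plugin-proto-to-assign', 'lodash'], effects: ['broccoli-babel-transpiler'] },
    'broccoli-babel-transpiler': { name: 'broccoli-babel-transpiler', severity: 'critical', isDirect: false, via: ['babel-core'], effects: ['ember-cli-babel'] },
    'ember-cli-babel': { name: 'ember-cli-babel', severity: 'critical', isDirect: false, via: ['broccoli-babel-transpiler'], effects: ['ember-data-hal-9000'] },
    'ember-data-hal-9000': { name: 'ember-data-hal-9000', severity: 'critical', isDirect: true, via: ['ember-cli-babel'], effects: [] },
  },
};

// npm's severity levels, ranked so a threshold comparison is possible.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Follow `effects` upward from `pkg` until we reach packages flagged
// isDirect: those are the package.json entries that pull `pkg` in.
function directDependents(rep, pkg) {
  const vulns = rep.vulnerabilities;
  const seen = new Set();
  const direct = new Set();
  const stack = [pkg];
  while (stack.length) {
    const name = stack.pop();
    if (seen.has(name)) continue; // guard against cycles in the effects graph
    seen.add(name);
    const entry = vulns[name];
    if (!entry) continue; // effects may name a package the report omits
    if (entry.isDirect) direct.add(name);
    for (const dependent of entry.effects || []) stack.push(dependent);
  }
  return [...direct].sort();
}

// Only packages with at least one advisory object in `via` are root causes;
// everything else is "depends on vulnerable versions of ...".
function rootVulnerabilities(rep) {
  return Object.values(rep.vulnerabilities)
    .filter((v) => (v.via || []).some((x) => typeof x === 'object'))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      range: v.range,
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.url),
      fixAvailable: v.fixAvailable,
    }));
}

// Produce a finding per root cause plus a verdict: fail when any root cause
// is at or above `failAt` severity.
function triage(rep, failAt = 'high') {
  const threshold = SEVERITY_RANK[failAt];
  const findings = rootVulnerabilities(rep).map((v) => ({
    ...v,
    directDependents: directDependents(rep, v.name),
    breakingFix: Boolean(v.fixAvailable && v.fixAvailable.isSemVerMajor),
  }));
  const shouldFail = findings.some((f) => (SEVERITY_RANK[f.severity] || 0) >= threshold);
  return { findings, shouldFail };
}

// Stand-alone run: print the triage for the constructed report.
const result = triage(report, 'high');
for (const f of result.findings) {
  console.log(`${f.name} ${f.range} [${f.severity}] via direct deps: ${f.directDependents.join(', ')}`);
  console.log(`  advisories: ${f.advisories.length}, fix is breaking: ${f.breakingFix}`);
}
console.log(`CI verdict: ${result.shouldFail ? 'FAIL' : 'pass'}`);
```

Run it with `node triage.js` (or pipe a real `npm audit --json` into `JSON.parse` in place of the constructed object). The useful part for an issue like this one is `directDependents`: it turns five "depends on vulnerable versions of" lines into the single package you can actually upgrade, pin with an `overrides` entry, or replace, and `breakingFix` tells you up front that `npm audit fix --force` would install a semver-major change rather than a drop-in patch.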