See https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032.

Please update 4.* branch to use full lodash library, as the module-based libraries are no longer maintained.

Thanks for flagging this one up! That's a new release for v5 and v4 made using the 'single' lodash bundle rather than the separate modules.

Code change is minimal and tests are still all passing, but we're not actively using the v4.x branch any more, so please let us know if you encounter any issues with 4.5.4