request / promise-core

Core Promise support implementation for the simplified HTTP request client 'request'.

Potential lodash vulnerability at 4.17.11

quetzaluz opened this issue

Note: This feels somewhat lower priority because the vulnerable methods in question aren't used, but resolving this can fix package installation/audit warnings and prevent accidental usage of vulnerable methods:

Similar to #13, lodash requires another upgrade due to a reported vulnerability in the version used in this repo:

Will be able to follow up with a PR to fix this but want to confirm if this upgrade is desired first

Filed this without noticing PR #20 which will resolve this

I just bumped it to ^4.17.15 and will roll it out to the main request-promise packages shortly.