Update lodash.merge to 4.6.2 to resolve security vulnerability

[meszaros-lajos-gyorgy]

Hi!

The guys at npm found a security vulnerability with lodash, which was fixed in 4.6.2:

[mcandre]

Last commit was in 2017. This project is dead as dirt. Go ahead and fork it, publish a new package name on NPM.

[meszaros-lajos-gyorgy]

Linking pull request, which would solve this issue: #17

[meszaros-lajos-gyorgy]

@mcandre: Well, the author's last activity was in early april this year, so I assume you are right. I do prefer to wait a bit more to see if the author checks github.
Also, there are already 11 forks of the repo. Are there any candidates for the replacement of the main repo?

[meszaros-lajos-gyorgy]

I've checked all forks and most of them are either behind/even with master or contain dependency version updates. If someone is to publish a fork of this repo should also add the other pull request which checks for html validation failure. I'm happy to publish a fork of this, but what should be it's name? express-minify-html-2?

[meszaros-lajos-gyorgy]

express-minify-html-2 is out live: https://www.npmjs.com/package/express-minify-html-2

[m-majetic]

Thanks for taking care of this and for putting the cat into the sock :)

[ryanlelek]

Thanks, helped!