Security alert - how to fix?

I've gotten notice from github that one of my packages has a security alert, please see: https://github.com/ekkis/js-prototype-lib/network/alerts

the thing though is my package has no dependencies. it has a developer dependency on mocha for the test suite but not on the offending package lodash

so how do I address this?

Solution

the answer seems to be npm audit fix

Wrapping a wrapper of console log with correct file/line number?
How to safely polyfill `console.log` without breaking line numbers?
Harmony proxy, detect whether property was accessed or called
chrome.runtime.onInstalled is undefined
d3.js passing in dynamic variable name to d.properties method
Smooth scroll does not work with transition animation
How to Change Default Error Text in Yup/Formik?
Using SplideJS arrows outside of splide
How to add facebook share button on my website?
How to combine the results of two observable in angular?
Bootstrap 3 modal: make it movable/draggable without jquery-ui
Make bootstrap modal draggable and keep background usable
How can I fix this framework so the services can be defined in any order?
How do you JSON.stringify an ES6 Map?
JS Find indices of duplicate values in array if there are more than two duplicates
Curly Brackets in Arrow Functions
Mixed Content The page at was loaded over HTTPS but requested an insecure resource This request has been blocked the content must be served over HTTPS
Reducing an array of objects in JS?
React-Redux - No reducer provided for key "coins"
SyntaxError: Unexpected token in JSON.parse - Invalid JSON format being sent in to the Backend
How can I avoid state of "TypeError: can't access dead object" in my Firefox add-on?
How to add Html Content to a new created Iframe in JS
Efficiently rendering a large number of "select" elements
How can I capitalize the first letter of each word in a string using JavaScript?
Call custom hook only on the active component in the DOM
Nodejs: get filename of caller function
How do I fix this issue: "node_modules/expo/AppEntry.js: [BABEL]"?
EventListener not being removed
How to check if DST (Daylight Saving Time) is in effect, and if so, the offset?
In React, does creating a click handler outside the JSX have any improvement on performance?