High vulnerability from set-value

[TheoMugnier]

🚫Pinning group array to 0.3.3 lead to a high vulnerability ! 🚫
So this can't be considered a permanent fix (Fixed in 0.3.4 of group-array)
(Merged PR: #258)

From npm audit security report :

High : Prototype Pollution
Package : set-value
Patched in : >=2.0.1 <3.0.0 || >=3.0.1
Dependency of : gulp-inject
Path : gulp-inject > group-array > union-value > set-value
More info : https://npmjs.com/advisories/1012

[joakimbeng]

🎉 This issue has been resolved in version 5.0.4 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[yeaske]

Just an FYI as I'm not sure if the version I'm using is deprecated.
I am using [email protected] and in the latest npm install it replaced [email protected] with [email protected]. ["group-array": "^0.3.0"].
This has caused the src stream consumption in inject to fail as it just takes the last element of the stream. I was able to fix this by moving back to [email protected].