Add vulnerability fix in changelog. Drop support to node < 10, at least officially (latest version of mocha does not work in node < 10). Remove sponsor.

Author: mariocasciaro

.travis.yml

@@ -1,11 +1,7 @@
 sudo: false
 language: node_js
 node_js:
-  - "0.10"
-  - "0.12"
-  - "4"
-  - "6"
-  - "8"
   - "10"
+  - "12"
   - "14"
 after_script: NODE_ENV=test istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage

README.md

@@ -15,6 +15,10 @@ Sponsored by [<img src="https://frontendrobot.com/assets/fr-full-logo-green.png"
 
 ## Changelog
 
+### 0.11.5
+
+* **Security Fix**. Fix a prototype pollution vulnerability in the `set()` function when using the "inherited props" mode (e.g. when a new `object-path` instance is created with the `includeInheritedProps` option set to `true` or when using the `withInheritedProps` default instance. The vulnerability does not exist in the default instance exposed by object path (e.g `objectPath.set()`).
+
 ### 0.11.0
 
 * Introduce ability to specify options and create new instances of `object-path`

package.json

@@ -11,7 +11,7 @@
     "url": "git://github.com/mariocasciaro/object-path.git"
   },
   "engines": {
-    "node": ">=0.10.0"
+    "node": ">= 10.12.0"
   },
   "devDependencies": {
     "@mariocasciaro/benchpress": "^0.1.3",