[Snyk] Upgrade underscore from 1.11.0 to 1.13.4

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade underscore from 1.11.0 to 1.13.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-06-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: underscore

• 1.13.4 - 2022-06-02
  

  Patch release to address WebPack module federation issue

• 1.13.3 - 2022-04-23
  

  Patch release with improved compatibility with ExtendScript

• 1.13.2 - 2021-12-16
  

  Underscore 1.13.2 -- minor bugfixes and improved documentation

• 1.13.1 - 2021-04-15
  

  Restores the underscore.js UMD alias to git

• 1.13.0 - 2021-04-09
  

  Node.js native ESM support in main release stream, docs updates

• 1.13.0-3 - 2021-03-31
  

  Preview release that adds the "module" exports condition

• 1.13.0-2 - 2021-03-15
  

  Preview of 1.13.0 with security fix from 1.12.1

• 1.13.0-1 - 2021-03-11
  

  Bugfix for the new Node.js 12+ native ESM entry point

• 1.13.0-0 - 2021-03-10
  

  Node.js native ESM support (prerelease), _.debounce optimization

• 1.12.1 - 2021-03-15
  

  Security fix in _.template and restored optimization in _.debounce.

• 1.12.0 - 2020-11-24
• 1.11.0 - 2020-08-28

from underscore GitHub release notes

Commit messages

Package name: underscore

• 979dfc4 Merge branch 'prepare-1.13.4'
• fcb149d Add a change log entry for 1.13.4
• cf6ed6f Bump the version to 1.13.4
• 75d257f Merge pull request #2959 from petschki/module-federation-version
• 46d77d3 Fix for webpack module federation "No version" error
• da06656 Merge pull request #2956 from zackschuster/patch-1
• adf8838 fix heading nesting
• 5af5ecb update contributing to clarify how to clone from other sources
• 6ce24a2 add fsck error workaround to contributing.md #2887
• c7ce0d7 Expand git.io URLs in codeql-analysis workflow (fix #2957)
• e7e719e Update generated files, tag 1.13.3 release
• 0062d3c Merge branch 'prepare-1.13.3'
• 0a531f1 Add a change log entry for 1.13.3
• 1022ab3 Update the LICENSE date
• fd6f7a3 Bump the version to 1.13.3
• b112c23 Add a comment to the modules/.eslintrc (post-merge review comment #2953)
• 2bd4e79 Waste even fewer CPU cycles in CI
• aca966a Prevent test-node from running twice in CI on Node.js 14
• a3c2c66 Merge pull request #2953 from jgonggrijp/extendscript-precedence
• c4e0920 Parenthesize remaining mixed expressions of && and || (#2949)
• ad93ed5 Enforce parenthesization of && and || with a linter rule (#2949)
• 825e9c2 Parenthesize mixed expressions of || and && (fix #2949)
• 0557e33 Merge pull request #2951 from Krinkle/same-version
• f12551c Merge pull request #2950 from Krinkle/xvfb

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs