[Snyk] Upgrade underscore from 1.9.1 to 1.13.7

[BD-HUGO]

Snyk has created this PR to upgrade underscore from 1.9.1 to 1.13.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 19 versions ahead of your current version.

• The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	596	Proof of Concept

Release notes

Package name: underscore

• 1.13.7 - 2024-07-24
  

  DataView bugfix, source links, dark mode and other improvements

• 1.13.6 - 2022-09-23
  

  Hotfix after 1.13.5 to remove postinstall script

• 1.13.5 - 2022-09-23
  

  Patch to add exports.require.module, plus testing updates

• 1.13.4 - 2022-06-02
  

  Patch release to address WebPack module federation issue

• 1.13.3 - 2022-04-23
  

  Patch release with improved compatibility with ExtendScript

• 1.13.2 - 2021-12-16
  

  Underscore 1.13.2 -- minor bugfixes and improved documentation

• 1.13.1 - 2021-04-15
  

  Restores the underscore.js UMD alias to git

• 1.13.0 - 2021-04-09
  

  Node.js native ESM support in main release stream, docs updates

• 1.13.0-3 - 2021-03-31
  

  Preview release that adds the "module" exports condition

• 1.13.0-2 - 2021-03-15
• 1.13.0-1 - 2021-03-11
• 1.13.0-0 - 2021-03-10
• 1.12.1 - 2021-03-15
  

  Security fix in _.template and restored optimization in _.debounce.

• 1.12.0 - 2020-11-24
• 1.11.0 - 2020-08-28
• 1.10.2 - 2020-03-30
• 1.10.1 - 2020-03-30
• 1.10.0 - 2020-03-30
• 1.9.2 - 2020-01-06
• 1.9.1 - 2018-05-31

from underscore GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[BD-HUGO]

Automated PR Comment From Polaris SCA

❌ Found dependencies violating policy!

Dependency	Policies Violated	License(s)	Vulnerabilities	Short Term Recommended Upgrade	Long Term Recommended Upgrade	Resolved / Filtered Out
body-parser 1.18.3	Asymmetric Resource Consumption (Amplification)	MIT License	❌   CVE-2024-45590 Medium CVSS 7.5	1.20.3 (0 known vulnerabilities)	2.0.1 (0 known vulnerabilities)	❕
Async 2.6.1	Modification of Assumed-Immutable Data (MAID)	MIT License	❌   CVE-2021-43138 High CVSS 9.8	2.6.4 (0 known vulnerabilities)	3.2.6 (0 known vulnerabilities)	❕
Selenium 2.53.3	Cross-site Scripting Third-party component usage NULL Pointer Dereference	Apache License 2.0	❌   CVE-2020-23452 High CVSS 8.7 ❌   BDSA-2021-4248 High CVSS 9.8 ❌   CVE-2023-5590 High CVSS 8.1		4.25.0 (0 known vulnerabilities)	❕
expressjs/express 4.16.4	Open URL Redirect Cross-site Scripting	MIT License	❌   CVE-2024-29041 Medium CVSS 6.5 ❌   CVE-2024-43796 High CVSS 8.0	4.21.1 (0 known vulnerabilities)	5.0.1 (0 known vulnerabilities)	❕