This repository has been archived by the owner on Jul 11, 2022. It is now read-only.

[Snyk] Upgrade underscore from 1.8.3 to 1.12.1 #3

Open: wants to merge 1 commit into base: staging

snyk-bot

Snyk has created this PR to upgrade underscore from 1.8.3 to 1.12.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-03-15.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 486/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: underscore
  • 1.12.1 - 2021-03-15

    Security fix in _.template and restored optimization in _.debounce.

  • 1.12.0 - 2020-11-24

    _.get, _.toPath, bugfixes, compatibility, performance and testing.

  • 1.11.0 - 2020-08-28

    Prepare 1.11.0

  • 1.10.2 - 2020-03-30

    Underscore.js 1.10.2

  • 1.10.1 - 2020-03-30
  • 1.10.0 - 2020-03-30
  • 1.9.2 - 2020-01-06
  • 1.9.1 - 2018-05-31
  • 1.9.0 - 2018-04-18
  • 1.8.3 - 2015-04-02
from underscore GitHub release notes
Commit messages
Package name: underscore
  • bf5a0ed Merge branch 'template-variable-parameter'
  • 7e3d404 Update annotated sources and minified bundles for 1.12.1
  • 5343fbc Add version 1.12.1 to the documentation
  • 44df929 Bump the version to 1.12.1
  • 7e89b79 Un-document the fix for #2911 for the time being
  • 4c73526 Fix #2911
  • ef646cc Reflect real issue of #2911 in test from #2912
  • a6159ff Fix indentation in the test from #2912
  • 798eafa Update the link to the preview release (bugfix)
  • 07cc415 Convert all RawGit links to Statically
  • db7fb6a Add temporary note about preview release to index.html
  • 548fa01 Merge pull request #2913 from ognjenjevremovic/test/time-tampering-tests
  • 3a5c878 test: Assertion comment updates; `_.throttle` and `_.debounce`.
  • 4d5d198 test: 💍 Time tampering tests for _.throttle and _.deobounce
  • a4cc7c0 Add a test to confirm we are not vulnerable to CVE-2021-23337 (#2911)
  • 745e9b7 Merge pull request #2896 from anderlaw/master
  • af2f919 Correct "Non-numerical values in list will be ignored"
  • c9b4b63 Put back test/vendor/qunit.* static files to fix live website tests
  • 311b04e Merge pull request #2892 from kritollm/master
  • 6568211 Make a comment render more nicely
  • 0b93f06 Fixed a few more details
  • 913bcf2 Resolved changes requested.
  • 769a494 throttle cleanup
  • 03f9781 Reimplementing timer optimization #1269



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
