[Snyk] Security upgrade underscore from 1.9.1 to 1.12.1

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	883/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: underscore

The new version differs by 250 commits.

• bf5a0ed Merge branch 'template-variable-parameter'
• 7e3d404 Update annotated sources and minified bundles for 1.12.1
• 5343fbc Add version 1.12.1 to the documentation
• 44df929 Bump the version to 1.12.1
• 7e89b79 Un-document the fix for [Snyk] Remediate medium vulnerability for jQuery #2911 for the time being
• 4c73526 Fix [Snyk] Remediate medium vulnerability for jQuery #2911
• ef646cc Reflect real issue of [Snyk] Remediate medium vulnerability for jQuery #2911 in test from Update Org Chart (05/28/19 go live date) #2912
• a6159ff Fix indentation in the test from Update Org Chart (05/28/19 go live date) #2912
• 798eafa Update the link to the preview release (bugfix)
• 07cc415 Convert all RawGit links to Statically
• db7fb6a Add temporary note about preview release to index.html
• 548fa01 Merge pull request Remove SSFs and Leadership PACs from receipts/individual contribution datatables #2913 from ognjenjevremovic/test/time-tampering-tests
• 3a5c878 test: Assertion comment updates; `_.throttle` and `_.debounce`.
• 4d5d198 test: 💍 Time tampering tests for _.throttle and _.deobounce
• a4cc7c0 Add a test to confirm we are not vulnerable to CVE-2021-23337 ([Snyk] Remediate medium vulnerability for jQuery #2911)
• 745e9b7 Merge pull request Research and decide approach to new office pages #2896 from anderlaw/master
• af2f919 Correct "Non-numerical values in list will be ignored"
• c9b4b63 Put back test/vendor/qunit.* static files to fix live website tests
• 311b04e Merge pull request Feature/2802 aggregate totals widget #2892 from kritollm/master
• 6568211 Make a comment render more nicely
• 0b93f06 Fixed a few more details
• 913bcf2 Resolved changes requested.
• 769a494 throttle cleanup
• 03f9781 Reimplementing timer optimization No assigned analyst validation and test scripts.  #1269

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[codecov-io]

Codecov Report

Merging #4522 (7c1ce8a) into develop (3752a19) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #4522   +/-   ##
========================================
  Coverage    75.83%   75.83%           
========================================
  Files          124      124           
  Lines         7611     7611           
  Branches       616      616           
========================================
  Hits          5772     5772           
  Misses        1839     1839           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3752a19...7c1ce8a. Read the comment docs.

[lbeaufort]

Not using Snyk PRs at this time.