underscore dependency vulnerability

[mluypaert]

The underscore dependency version required in the package.json (1.8.3) has a known security vulnerability, which github rates as "critical" and tracks as GHSA-cf4h-3jhx-xvhq. Please update the used underscore version to a version that does not have this vulnerability (>= 1.12.1, latest version at current is 1.13.7).

[kltm]

Thank you for the report. We are currently evaluating replacing this library overall.

[kltm]

Considering evaluating this in a similar way to geneontology/wc-ribbon#50 , assuming this is in the context of the widgets. That said, this is also being balanced now against the wholesale replacement of this dependency for external uses. Keeping as note in Widget Alignment and Documentation .