Bump underscore from 1.13.6 to 1.13.8 #154

Open

dependabot[bot] wants to merge 1 commits from dependabot/npm_and_yarn/underscore-1.13.8 into main

pull from: dependabot/npm_and_yarn/underscore-1.13.8

merge into: frishi:main

frishi:main

frishi:dep-hell

frishi:dependabot/npm_and_yarn/picomatch-2.3.2

frishi:dependabot/npm_and_yarn/multi-c136cad177

frishi:dependabot/npm_and_yarn/flatted-3.4.2

frishi:dependabot/npm_and_yarn/socket.io-parser-4.2.6

frishi:dependabot/npm_and_yarn/svgo-4.0.1

frishi:graphql-refactor

frishi:react-19-upgrade

frishi:airdcpp-regression

frishi:comicvine-integration-improvements

frishi:qbittorrent-integration

frishi:dark-mode-3

frishi:dark-mode-2

frishi:dark-mode-refactor

frishi:dark-mode-refactor-2

frishi:comic-detail-react-query

frishi:zustand-react-query-navbar

frishi:qbittorrent-settings-form

frishi:move-to-zustand-react-query

frishi:import-queue-progress

frishi:service-statuses-settings

frishi:80-vite-env-var-hostname-fix

frishi:76-hostname-docker-context-fix

frishi:71-dockerfile-update

frishi:comicvine-import-improvements

frishi:bugfix-#59

frishi:relocating-screenshots

frishi:storybook-7-upgrade

frishi:elasticsearch-upgrade-fix

frishi:vite-build-system

frishi:funding-fix

frishi:funding

frishi:service-statuses

frishi:dcpp-socket-status

frishi:dev

frishi:rishighan-screenshots-dec-2022

Conversation 0 Commits 1 Files Changed 2 +2102 -62

dependabot[bot] commented 2026-03-03 20:45:46 +00:00 (Migrated from github.com)

Copy Link

Bumps underscore from 1.13.6 to 1.13.8.

Commits

• 9374840 Merge branch 'release/1.13.8'
• 309ad7e Re-generate annotated sources and minified codemaps
• a1ac1d3 Add links to diff and docs in 1.13.8 change log entry
• b579595 Mention CVE-2026-27601 in comments and documentation (#3011)
• 45ea015 Revert obfuscations from 42823bb.
• 4a4019e Update minified bundles
• 1ccfdd0 Add preliminary release notes for 1.13.8
• 42823bb Temporarily obfuscate comments
• a6e23ae Make _.isEqual nonrecursive
• f2b5164 Add regression test against stack overflow in _.isEqual
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.6 to 1.13.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259"><code>9374840</code></a> Merge branch 'release/1.13.8'</li> <li><a href="https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5"><code>309ad7e</code></a> Re-generate annotated sources and minified codemaps</li> <li><a href="https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051"><code>a1ac1d3</code></a> Add links to diff and docs in 1.13.8 change log entry</li> <li><a href="https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44"><code>b579595</code></a> Mention CVE-2026-27601 in comments and documentation (<a href="https://redirect.github.com/jashkenas/underscore/issues/3011">#3011</a>)</li> <li><a href="https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89"><code>45ea015</code></a> Revert obfuscations from 42823bb.</li> <li><a href="https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0"><code>4a4019e</code></a> Update minified bundles</li> <li><a href="https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355"><code>1ccfdd0</code></a> Add preliminary release notes for 1.13.8</li> <li><a href="https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446"><code>42823bb</code></a> Temporarily obfuscate comments</li> <li><a href="https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84"><code>a6e23ae</code></a> Make _.isEqual nonrecursive</li> <li><a href="https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00"><code>f2b5164</code></a> Add regression test against stack overflow in _.isEqual</li> <li>Additional commits viewable in <a href="https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rishighan/threetwo/network/alerts). </details>

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/npm_and_yarn/underscore-1.13.8:dependabot/npm_and_yarn/underscore-1.13.8

git checkout dependabot/npm_and_yarn/underscore-1.13.8

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0

Game-stopping bug

bug

Something isn't working

catch-all

Holding place for similar issues

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

fix

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

javascript

Pull requests that update javascript code

major

question

Further information is requested

refactor

tech debt

testing-required

Fix issued, but tests are pending

wontfix

This will not be worked on

No Label dependencies javascript

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

frishi

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: frishi/threetwo#154