underscore dependency vulnerability

[mluypaert]

The underscore dependency version required in the package.json (1.8.3) has a known security vulnerability, which github rates as "critical" and tracks as GHSA-cf4h-3jhx-xvhq. Please update the used underscore version to a version that does not have this vulnerability (>= 1.12.1, latest version at current is 1.13.7).

[kltm]

Thank you for the report. We are currently evaluating replacing this library overall.

[kltm]

Considering evaluating this in a similar way to geneontology/wc-ribbon#50 , assuming this is in the context of the widgets. That said, this is also being balanced now against the wholesale replacement of this dependency for external uses. Keeping as note in Widget Alignment and Documentation .

[kltm]

Talking w @pkalita-lbl , we think that cleaning up / removing the bbop* libraries is going to have to be done at some point, but cannot be tied to the completion of the widget's project. We would also note that when we switch to the new gocam-py version of the widget, this library will no longer be used.