UPM: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary UPM is currently using underscore.js 1.4.4. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variabl...