Merge pull request #20823 from edx/renovate/npm-underscore.string-vulnerability

Update dependency underscore.string to v3.3.5 [SECURITY]

package-lock.json

@@ -13910,9 +13910,9 @@
       "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI="
     },
     "underscore.string": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/underscore.string/-/underscore.string-3.3.4.tgz",
-      "integrity": "sha1-LCo/n4PmR2L9xF5s6sZRQoZCE9s=",
+      "version": "3.3.5",
+      "resolved": "https://registry.npmjs.org/underscore.string/-/underscore.string-3.3.5.tgz",
+      "integrity": "sha512-g+dpmgn+XBneLmXXo+sGlW5xQEt4ErkS3mgeN2GFbremYeMBSJKr9Wf2KJplQVaiPY/f7FN6atosWYNm9ovrYg==",
       "requires": {
         "sprintf-js": "1.0.3",
         "util-deprecate": "1.0.2"

package.json

@@ -59,7 +59,7 @@
     "svg-inline-loader": "0.8.0",
     "uglify-js": "2.7.0",
     "underscore": "1.8.3",
-    "underscore.string": "3.3.4",
+    "underscore.string": "3.3.5",
     "webpack": "2.7.0",
     "webpack-bundle-tracker": "0.2.1",
     "webpack-merge": "4.1.1",