Hi, I do not know much about web design at all, but have managed to put together a website using a Hugo template. I received a disconcerting message on GitHub alerting me to “Upgrade underscore to version 1.12.1 or later.”, in order to resolve an apparently serious security vulnerability.
I’m not really sure how to do that! Though I was able to track down the relevant files in repository (GitHub - mvanaman/website), which appear to be:
- /public/lib/js-sequence-diagrams/underscore-1.8.3.min.js, and
I think I’ve figured out that I should replace this file (or its contents) with the updated one from here, but the role of these files within a Hugo template is mysterious to me and I’m worried it will break something. Is replacing this file (or its contents) the correct thing to do?
Thank you for your time, and apologies in advance if this is an extremely basic question!