underscore-min.js from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
In django-hstore, underscore-min.js 1.5.2 is used.
Could you update the django-hstore package to use underscore-min.js >=1.13.0-2?
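Added example, not code from this issue, from django-hstore or from the underscore project: two defensive checks in JavaScript. The first tests a version string against the affected underscore ranges quoted above (including the 1.5.2 bundled copy named here); the second rejects any template `variable` setting that is not a bare JavaScript identifier, which is the sanitization the issue says the affected releases lack. Function names and the identifier regex are my own choices.

```javascript
// Affected underscore ranges as reported in the issue: [lo, hi) pairs.
const VULNERABLE_RANGES = [
  ["1.3.2", "1.12.1"],      // >= 1.3.2 and < 1.12.1
  ["1.13.0-0", "1.13.0-2"], // >= 1.13.0-0 and < 1.13.0-2 (numbered prereleases)
];

// Parse "MAJOR.MINOR.PATCH" with an optional numeric "-N" prerelease tag.
// A final release ranks above every numbered prerelease of the same version,
// so a missing tag is represented as Infinity.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  const pre = m[4] === undefined ? Infinity : Number(m[4]);
  return [Number(m[1]), Number(m[2]), Number(m[3]), pre];
}

// Returns -1, 0 or 1 like a comparator, comparing component by component.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 4; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the given underscore version falls inside any reported range.
function isVulnerableUnderscore(version) {
  return VULNERABLE_RANGES.some(([lo, hi]) =>
    compareVersions(version, lo) >= 0 && compareVersions(version, hi) < 0);
}

// The `variable` option is spliced into generated template source, so accept
// only a bare identifier before handing settings to a template engine.
// (Regex is this example's choice, not the library's.)
const BARE_IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function checkTemplateSettings(settings) {
  if (settings && settings.variable !== undefined &&
      !BARE_IDENTIFIER.test(String(settings.variable))) {
    throw new Error(`template variable is not a bare identifier: ${settings.variable}`);
  }
  return settings;
}

// Constructed sample: the version this issue reports django-hstore bundling.
console.log("underscore 1.5.2 vulnerable:", isVulnerableUnderscore("1.5.2"));
```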