chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
@astrojs/vercel	8.2.11	10.0.2
astro	5.16.11	6.1.6
picomatch	4.0.3	4.0.4
picomatch	2.3.1	2.3.2
lodash	4.17.23	4.18.1
rollup	4.53.5	4.60.2
smol-toml	1.6.0	1.6.1
vite	6.4.1	6.4.2
yaml	2.8.2	2.8.3

Updates @astrojs/vercel from 8.2.11 to 10.0.2

Release notes

Sourced from @​astrojs/vercel's releases.

@​astrojs/vercel@​10.0.2

Patch Changes

• #15959 335a204 Thanks @​matthewp! - Fix Vercel serverless path override handling so override values are only applied when the trusted middleware secret is present.

@​astrojs/vercel@​10.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

@​astrojs/vercel@​10.0.0

Major Changes

• #15413 736216b Thanks @​florian-lefebvre! - Removes the deprecated @astrojs/vercel/serverless and @astrojs/vercel/static exports. Use the @astrojs/vercel export instead

Minor Changes

• #15258 d339a18 Thanks @​ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:

  export default defineConfig({
    adapter: netlify({
  -    experimentalStaticHeaders: true
  +    staticHeaders: true
    })
  })

• #15413 736216b Thanks @​florian-lefebvre! - Updates the implementation to use the new Adapter API

• #15495 5b99e90 Thanks @​leekeh! - Adds new middlewareMode adapter feature and deprecates edgeMiddleware option

  The edgeMiddleware option is now deprecated and will be removed in a future release, so users should transition to using the new middlewareMode feature as soon as possible.

  export default defineConfig({
    adapter: vercel({
  -    edgeMiddleware: true
  +    middlewareMode: 'edge'
    })
  })

• #14946 95c40f7 Thanks @​ematipico! - Removes the experimental.csp flag and replaces it with a new configuration option security.csp - (v6 upgrade guidance)

Patch Changes

• #15781 2de969d Thanks @​ematipico! - Adds a new clientAddress option to the createContext() function

  Providing this value gives adapter and middleware authors explicit control over the client IP address. When not provided, accessing clientAddress throws an error consistent with other contexts where it is not set by the adapter.

... (truncated)

Changelog

Sourced from @​astrojs/vercel's changelog.

10.0.2

Patch Changes

• #15959 335a204 Thanks @​matthewp! - Fix Vercel serverless path override handling so override values are only applied when the trusted middleware secret is present.

10.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

10.0.0

Major Changes

• #15413 736216b Thanks @​florian-lefebvre! - Removes the deprecated @astrojs/vercel/serverless and @astrojs/vercel/static exports. Use the @astrojs/vercel export instead

Minor Changes

• #15258 d339a18 Thanks @​ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:

  export default defineConfig({
    adapter: netlify({
  -    experimentalStaticHeaders: true
  +    staticHeaders: true
    })
  })

• #15413 736216b Thanks @​florian-lefebvre! - Updates the implementation to use the new Adapter API

• #15495 5b99e90 Thanks @​leekeh! - Adds new middlewareMode adapter feature and deprecates edgeMiddleware option

  The edgeMiddleware option is now deprecated and will be removed in a future release, so users should transition to using the new middlewareMode feature as soon as possible.

  export default defineConfig({
    adapter: vercel({
  -    edgeMiddleware: true
  +    middlewareMode: 'edge'
    })
  })

• #14946 95c40f7 Thanks @​ematipico! - Removes the experimental.csp flag and replaces it with a new configuration option security.csp - (v6 upgrade guidance)

Patch Changes

... (truncated)

Commits

• 878791f [ci] release (#15985)
• 335a204 Require trusted secret for path overrides (#15959)
• 09ecdd7 [ci] release (#15889)
• 6f8f0bc fix: update peer dependency range (#15934)
• 48e5c4d [ci] release (#15808)
• 2ce9e74 chore: update docs links (#15732)
• 25560db [ci] release (beta) (#15773)
• 2de969d fix: provide client ip address to edge middlewares (#15781)
• 4ebc1e3 fix: calculate the correct value for clientAddress (#15778)
• 6414732 Spelling (#15601)
• Additional commits viewable in compare view

Updates astro from 5.16.11 to 6.1.6

Release notes

Sourced from astro's releases.

astro@6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

astro@6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

  When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

• #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

astro@6.1.4

Patch Changes

• #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

• #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

• #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

• #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

astro@6.1.3

Patch Changes

• #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

• #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

• #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

• #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

• #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

  When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

• #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

6.1.4

Patch Changes

• #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

• #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

• #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

• #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

6.1.3

Patch Changes

• #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

• #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

• #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

... (truncated)

Commits

• 1945a93 [ci] release (#16281)
• bb4586a fix: avoid full-reload in scss modules (#14924)
• 5f3085b [ci] format
• b5c2fba Skip actions server-output validation when an adapter is configured (#16202)
• b06eabf Consolidate inline script escaping into shared utility (#16303)
• 92fc030 refactor(core): rename logger internal types (#16271)
• ba18015 [ci] format
• d198e82 test: port 16 routing unit tests to TypeScript (#16266)
• 673a871 [ci] release (#16244)
• fab9c00 chore: upgrade biome (#16246)
• Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

• e5474fc Publish 4.0.4
• 4516eb5 Merge commit from fork
• 5eceecd Merge commit from fork
• 0db7dd7 Run benchmark again against latest minimatch version (#161)
• 9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
• 2661f23 fix typo in globstars.js test name (#138)
• 1798b07 docs: fix makeRe example (#143)
• 9d76bc5 chore: undocument removed options (#146)
• e4d718b Remove unused time-require (#160)
• 38dffeb chore(deps): pin dependencies (#158)
• Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

• e5474fc Publish 4.0.4
• 4516eb5 Merge commit from fork
• 5eceecd Merge commit from fork
• 0db7dd7 Run benchmark again against latest minimatch version (#161)
• 9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
• 2661f23 fix typo in globstars.js test name (#138)
• 1798b07 docs: fix makeRe example (#143)
• 9d76bc5 chore: undocument removed options (#146)
• e4d718b Remove unused time-require (#160)
• 38dffeb chore(deps): pin dependencies (#158)
• Additional commits viewable in compare view

Updates brace-expansion from 2.0.2 to 5.0.5

Release notes

Sourced from brace-expansion's releases.

v4.0.1

• fmt 5a5cc17
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

---

juliangruber/brace-expansion@v4.0.0...v4.0.1

v4.0.0

• feat: use string replaces instead of splits (#64) 278132b
• fmt dd72a59
• add tea.yaml 70e4c1b

juliangruber/brace-expansion@v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

• pkg: publish on tag 3.x 3059c07
• fmt 8229e6f
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

---

juliangruber/brace-expansion@v3.0.0...v3.0.1

v3.0.0

• Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8
• added jsdoc (#55) 68c0e37
• node 16 is EOL 9e781e9
• add standard 3494c4d
• use const and let (#57) dd5a4cb
• docs 6dad209
• remove test e3dd8ae
• ci: update node versions d23ede9
• docs: add @​lanodan to contributors 1eb3fa4
• docs 1e7c9cd
• switch from tape to test module (#60) 2520537
• Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1
• Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf
• docs: add back ci badge 8ee5626
• Add github actions, remove travis. Closes #52 (#53) 5c8756a
• CI: Drop unused sudo: false Travis directive (#50) 05978a7

juliangruber/brace-expansion@v2.0.1...v3.0.0

Commits

• 8793901 5.0.5
• 9a02af5 Merge commit from fork
• daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
• 799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
• 012c230 5.0.4
• 243c491 Fix handling of brackets. Closes #87
• 609f858 Correct incorrect brace-expansion import (#89)
• 3c51e2c 5.0.3
• 48c30d9 chore: support node 18 (#85)
• d673911 Bump tar from 7.5.7 to 7.5.9 (#84)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates defu from 6.1.4 to 6.1.7

Release notes

Sourced from defu's releases.

v6.1.7

compare changes

📦 Build

• Correct the types export entry (#160)
• Export Defu types (#157)

❤️ Contributors

• Jakub Michálek (@​J-Michalek)
• Kricsleo (@​kricsleo)

v6.1.6

compare changes

📦 Build

• Fix mixed types (407b516)

v6.1.5

compare changes

🩹 Fixes

• Prevent prototype pollution via __proto__ in defaults (#156)
• Ignore inherited enumerable properties (11ba022)

✅ Tests

• Add more tests for plain objects (b65f603)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)

Changelog

Sourced from defu's changelog.

v6.1.7

compare changes

🩹 Fixes

• defu.d.cts: Export Defu types (#157)

📦 Build

• Correct the types export entry (#160)

❤️ Contributors

• Jakub Michálek (@​J-Michalek)
• Kricsleo (@​kricsleo)

v6.1.6

compare changes

📦 Build

• Fix mixed types (407b516)

❤️ Contributors

• Pooya Parsa (@​pi0)

v6.1.5

compare changes

🩹 Fixes

• Prevent prototype pollution via __proto__ in defaults (#156)
• Ignore inherited enumerable properties (11ba022)

🏡 Chore

• Add tea.yaml (70cffe5)
• Update repo (23cc432)
• Fix typecheck (89df6bb)

✅ Tests

• Add more tests for plain objects (b65f603)

🤖 CI

... (truncated)

Commits

• 80c0146 chore(release): v6.1.7
• 40d7ef4 fix(defu.d.cts): export Defu types (#157)
• 3d3a7c8 build: correct the types export entry (#160)
• 001c290 chore(release): v6.1.6
• 407b516 build: fix mixed types
• 23e59e6 chore(release): v6.1.5
• 11ba022 fix: ignore inherited enumerable properties
• 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
• d3ef16d chore(deps): update actions/checkout action to v6 (#151)
• 869a053 chore(deps): update actions/setup-node action to v6 (#149)
• Additional commits viewable in compare view

Updates devalue from 5.6.2 to 5.7.1

Release notes

Sourced from devalue's releases.

v5.7.1

Patch Changes

• 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

• df2e284: feat: use native alternatives to encode/decode base64
• 498656e: feat: add DataView support
• a210130: feat: whitelist Float16Array
• df2e284: feat: simplify TypedArray slices

Patch Changes

• 5590634: fix: get uneval type handling up to parity with stringify
• 57f73fc: fix: correctly support boxed bigints and sentinel values

v5.6.4

Patch Changes

• 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

  This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

• 40f1db1: fix: ensure sparse array indices are integers

• 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

  This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

v5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

Changelog

Sourced from devalue's changelog.

5.7.1

Patch Changes

• 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

• df2e284: feat: use native alternatives to encode/decode base64
• 498656e: feat: add DataView support
• a210130: feat: whitelist Float16Array
• df2e284: feat: simplify TypedArray slices

Patch Changes

• 5590634: fix: get uneval type handling up to parity with stringify
• 57f73fc: fix: correctly support boxed bigints and sentinel values

5.6.4

Patch Changes

• 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

  This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

• 40f1db1: fix: ensure sparse array indices are integers

• 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

  This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

Commits

• 6eb920a Version Packages (#146)
• 8becc7c fix: handle regexes consistently in uneval's value and reference formats (#145)
• 2eee2e4 Version Packages (#144)
• 498656e DataView support (#143)
• 5590634 Improve platform types support (#142)
• 57f73fc fix: support boxed bigints and sentinel values (#141)
• baec4cb Add prettier configuration (#140)
• a210130 feat: whitelist Float16Array (#137)
• df2e284 feat: use native alternatives to encode/decode base64 (#136)
• 26b7c8d chore: add simple benchmarks (#135)
• Additional commits viewable in compare view

Updates h3 from 1.15.5 to 1.15.11

Release notes

Sourced from h3's releases.

v1.15.11

compare changes

🏡 Chore

• Update defu to 6.1.6 (6125485)
• Update deps (4998dd8)
• Update cookie-es (d166186)

v1.15.10

compare changes

🩹 Fixes

• Preserve percent-encoded req.url in app event handler (#1355)

❤️ Contributors

• Sergio Azócar (@​sergioazoc)

v1.15.9

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)

v1.15.7

compare changes

🩹 Fixes

• static: Narrow path traversal check to match .. as a path segment only (c049dc0)
• app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

• Remove implicit event handler conversion warning (#1340)

❤️ Contributors

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.11

compare changes

🏡 Chore

• Update defu to 6.1.6 (6125485)
• Update deps (4998dd8)
• Update cookie-es (d166186)

❤️ Contributors

• Pooya Parsa (@​pi0)

v1.15.10

compare changes

🩹 Fixes

• Preserve percent-encoded req.url in app event handler (#1355)

🏡 Chore

• Update deps (26fec6f)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Sergio Azócar (@​sergioazoc)

v1.15.9

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

🏡 Chore

• release: V1.15.8 (e3b9c9e)
• Update deps (23045df)

❤️ Contributors

• Pooya Parsa (@​pi0)

... (truncated)

Commits

• 7b9f41f chore(release): v1.15.11
• d166186 chore: update cookie-es
• 4998dd8 chore: update deps
• 6125485 chore: update defu to 6.1.6
• b72bb57 chore(release): v1.15.10
• d8ef318 remove resolutions for h3
• 26fec6f chore: update deps
• 51ca9b3 fix: preserve percent-encoded req.url in app event handler (#1355)
• 4e8d43a chore(release): v1.15.9
• 23045df chore: update deps
• Additional commits viewable in compare view

Updates lodash from 4.17.23 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lo...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
legesher-dot-io	Error		Apr 21, 2026 10:25pm