
chore: resolve open dependabot security advisories #564

Open
jonathannorris wants to merge 2 commits into main from chore-fix-dependabot-alerts

Conversation

@jonathannorris (Member)

Summary

  • Bumped lodash to 4.18.1 (from 4.17.23) and added resolutions for lodash and lodash.template to close alerts 179-181
  • Pinned hono to 4.12.12 in mcp-worker and added root resolutions for hono and @hono/node-server to close alerts 185-190
  • Added resolution for vite to 7.3.2 to close alerts 182-184 (transitive dep via vitest)

@jonathannorris jonathannorris requested a review from a team as a code owner April 11, 2026 12:07
Copilot AI review requested due to automatic review settings April 11, 2026 12:07
@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

Status | Name | Latest Commit | Updated (UTC)
✅ Deployment successful! | devcycle-mcp-server | 0411126 | Apr 11 2026, 12:09 PM


Copilot AI left a comment


Pull request overview

This PR updates dependency versions and Yarn resolutions to address multiple Dependabot security advisories in the CLI monorepo (root package + mcp-worker workspace), ensuring vulnerable transitive dependencies are forced to patched versions.

Changes:

  • Bumped lodash and added root-level resolutions for lodash and lodash.template.
  • Pinned hono in mcp-worker and added root-level resolutions for hono and @hono/node-server.
  • Added a root-level resolution for vite (transitive via vitest), which also updates the associated esbuild range in the lockfile.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File | Description
package.json | Updates lodash dependency and adds/extends Yarn resolutions to force patched transitive versions (hono, @hono/node-server, vite, lodash, lodash.template).
mcp-worker/package.json | Pins hono to a specific patched version for the worker workspace.
yarn.lock | Reflects the resolved dependency graph updates (notably lodash, hono, @hono/node-server, vite, and esbuild platform packages).

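A resolutions entry only closes an advisory if every key in yarn.lock that maps to the package now resolves to the patched release, so a lockfile check is the natural follow-up to the summary above and the Copilot file list. The script below is an added example, not code from this PR or from the DevCycle repository; it parses a constructed yarn.lock snippet (v1 and Berry layouts) and reports entries below the minimum versions the PR description states for lodash, hono and vite. The `MINIMUM_VERSIONS` table and `SAMPLE_LOCK` are assumptions built for the example.

```python
import re

# Minimum patched versions stated in the PR summary. lodash.template and
# @hono/node-server are also pinned by the PR, but no version is given for
# them here, so they are left out of this constructed policy.
MINIMUM_VERSIONS = {"lodash": "4.18.1", "hono": "4.12.12", "vite": "7.3.2"}

# Constructed Yarn v1 lockfile: one lodash range still resolves to the
# pre-fix release, as a lockfile looks before a resolution takes effect.
SAMPLE_LOCK = """\
hono@4.12.12:
  version "4.12.12"
  resolved "https://registry.yarnpkg.com/hono/-/hono-4.12.12.tgz"

"lodash@^4.17.21", lodash@4.18.1:
  version "4.18.1"

lodash@^4.17.15:
  version "4.17.23"

vite@^7.0.0:
  version "7.3.2"
"""

def parse_lock(text):
    """Yield (package name, resolved version) for every yarn.lock entry.
    Accepts the v1 layout ('version "x"') and the Berry layout ('version: x')."""
    names, version = [], None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            if names and version:
                yield from ((n, version) for n in names)
            names, version = [], None
            for key in line.rstrip()[:-1].split(","):
                key = key.strip().strip('"')
                # The name ends at the '@' before the range; scoped packages
                # start with '@', so the search begins at index 1.
                names.append(key[: key.index("@", 1)])
        else:
            m = re.match(r'\s+version:?\s+"?([^"\s]+)"?', line)
            if m:
                version = m.group(1)
    if names and version:
        yield from ((n, version) for n in names)

def version_tuple(v):
    # Numeric prefix only; pre-release suffixes are ignored in this example.
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", v).group(0).split("."))

def find_violations(lock_text, minimums=MINIMUM_VERSIONS):
    """Return (name, resolved, required) for each entry still below policy."""
    return [(n, r, minimums[n]) for n, r in parse_lock(lock_text)
            if n in minimums and version_tuple(r) < version_tuple(minimums[n])]

if __name__ == "__main__":
    for name, resolved, required in find_violations(SAMPLE_LOCK):
        print(f"{name}: lockfile resolves {resolved}, policy requires >= {required}")
```

Point it at a real lockfile with `find_violations(open("yarn.lock").read())`; an empty list means every key for the listed packages resolved to a patched release.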
