Bump lodash and verdaccio

[dependabot]

Bumps lodash to 4.17.23 and updates ancestor dependency verdaccio. These dependencies need to be updated together.

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates verdaccio from 6.1.6 to 6.3.2

Release notes

Sourced from verdaccio's releases.

v6.3.2

What's Changed

• chore(deps): update node.js to v22.22.1 (6.x) by @​renovate[bot] in verdaccio/verdaccio#5623
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in verdaccio/verdaccio#5636

Full Changelog: verdaccio/verdaccio@v6.3.1...v6.3.2

v6.3.1

• No changes
• Only to create new docker latest image

Full Changelog: verdaccio/verdaccio@v6.3.0...v6.3.1

v6.3.0

What's Changed

• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in verdaccio/verdaccio#5587
• chore(deps): update dependency selfsigned to v5 (6.x) by @​renovate[bot] in verdaccio/verdaccio#5591
• fix(deps): update dependency envinfo to v7.21.0 (6.x) by @​renovate[bot] in verdaccio/verdaccio#5590
• chore(deps): update dependency supertest to v7.2.2 (6.x) by @​renovate[bot] in verdaccio/verdaccio#5589
• chore(deps): pin dependencies (6.x) by @​renovate[bot] in verdaccio/verdaccio#5586
• chore(deps): update dependency cross-env to v10.1.0 (6.x) by @​renovate[bot] in verdaccio/verdaccio#5588
• chore: refactor eslint by @​juanpicado in verdaccio/verdaccio#5609
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in verdaccio/verdaccio#5613
  • by @​mbtools 👏🏼
    • fix: error checking storage directory verdaccio/verdaccio#5447
    • chore(web): reduce memory consumption of package list #5639
    • fix(auth): processing allow_unpublish #5602
    • by @​juanpicado
      • [feat: make asset manifest bundler-agnostic #5608](verdaccio/verdaccio#5608)
        verdaccio/verdaccio#5602
    • fix(api): remove unnecessary allow check verdaccio/verdaccio#5599
  • Renovate 🤖
    • [fix(deps): update dependency minimatch to v7.4.9 (master) #5607](verdaccio/verdaccio#5607)
    • [fix(deps): update dependency ajv to v8.18.0 (master) #5605](verdaccio/verdaccio#5605)

Full Changelog: verdaccio/verdaccio@v6.2.9...v6.3.0

v6.2.9

Full Changelog: verdaccio/verdaccio@v6.2.8...v6.2.9

• No changes in the source code
• Fixed docker publish build wasn't correctly pushing the latest and semantic version tags

Reference: https://github.com/orgs/verdaccio/discussions/5582

v6.2.8

... (truncated)

Changelog

Sourced from verdaccio's changelog.

6.3.2 (2026-03-14)

Bug Fixes

• deps: update core verdaccio dependencies (#5636) (3da63a4)

6.3.1 (2026-03-08)

6.3.0 (2026-03-08)

Bug Fixes

• deps: update core verdaccio dependencies (#5587) (0369efa)
• deps: update core verdaccio dependencies (#5613) (1763ae2)
• deps: update dependency envinfo to v7.21.0 (#5590) (980ef5c)

6.2.9 (2026-02-26)

6.2.8 (2026-02-25)

Bug Fixes

• docker image dependencies and cmd run updates (#5584) (98d00bd)

6.2.7 (2026-02-21)

6.2.6 (2026-02-21)

Bug Fixes

• deps: update dependency @​cypress/request to v3.0.10 (#5580) (eefa2f2)
• deps: update dependency cors to v2.8.6 (#5576) (f0d9d89)
• deps: update dependency lodash to v4.17.23 (#5577) (40071b2)
• deps: update dependency semver to v7.7.4 (#5578) (973f0cb)

6.2.5 (2026-01-31)

Bug Fixes

• update express v4.22.1 (#5557) (0a64b69)
• update node.js v22.22.0 (#5558) (f6f32ff)

6.2.4 (2025-12-02)

... (truncated)

Commits

• d39d554 chore(release): 6.3.2
• 3da63a4 fix(deps): update core verdaccio dependencies (#5636)
• 2f522cd chore(deps): update node.js to v22.22.1 (#5623)
• 99cb815 chore(release): 6.3.1
• efeedb1 chore(release): 6.3.0
• 1763ae2 fix(deps): update core verdaccio dependencies (#5613)
• 2d9ba2f chore: refactor eslint (#5609)
• 5505c7c chore(deps): update dependency cross-env to v10.1.0 (#5588)
• 2d42639 chore(deps): pin dependencies (#5586)
• 8c89b9c chore(deps): update dependency supertest to v7.2.2 (#5589)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.