fix: bump axios to 1.15.0 and lodash to 4.18.1 to resolve dependabot alerts

[jonathannorris]

Summary

• Pins axios to 1.15.0 via yarn resolutions to fix 2 critical CVEs (GHSA-fvcv-3m26-pcqx, GHSA-3p68-rc4w-qgx5) — header injection/SSRF chain and NO_PROXY bypass
• Pins lodash to 4.18.1 via yarn resolutions to fix a high code injection CVE (GHSA-r5fr-rjxr-66jc) and a medium prototype pollution CVE (GHSA-f23m-r3pf-42rh)

Both are transitive dependencies, so yarn resolutions is the right fix here. Closes dependabot alerts #169, #170, #171, #172.

[Copilot]

Pull request overview

This PR addresses Dependabot security alerts by forcing patched versions of vulnerable transitive dependencies via Yarn 4 resolutions, and updating the lockfile accordingly.

Changes:

• Pin axios to 1.15.0 using resolutions to remediate reported CVEs.
• Pin lodash to 4.18.1 using resolutions to remediate reported CVEs.
• Update yarn.lock to reflect the resolved versions (including proxy-from-env as pulled in by axios).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Adds Yarn resolutions entries to force axios and lodash to patched versions.
yarn.lock	Updates resolved package entries/checksums for axios, lodash, and proxy-from-env.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cloudflare-workers-and-pages]

Deploying devcycle-docs with    Cloudflare Pages

Latest commit:	e12d6ff
Status:	✅  Deploy successful!
Preview URL:	https://e2a5e20c.devcycle-docs.pages.dev
Branch Preview URL:	https://fix-dependabot-alerts.devcycle-docs.pages.dev

View logs