Fix package-lock.json stability for js-yaml bump

[Copilot]

The Dependabot PR bumping js-yaml contained a package-lock.json that was regenerated on each npm install in CI, causing the "Check for changes" workflow step to fail.

Changes

• Regenerated package-lock.json with stable dependency resolutions
• Updated @types/lodash 4.17.20 → 4.17.21 (latest compatible patch)
• Updated prettier 3.6.2 → 3.7.4 (latest compatible minor)
• Removed incorrect "peer": true field from prettier-doc-at-most-one-index

The js-yaml updates (3.14.1 → 3.14.2 and 4.1.0 → 4.1.1) from the original PR are preserved.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• wpackagist.org
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/O9Bj3W /usr/bin/composer install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)