Bump lodash-es and @mgks/docmd in /docmd

[dependabot]

Removes lodash-es. It's no longer used after updating ancestor dependency @mgks/docmd. These dependencies need to be updated together.

Removes lodash-es

Updates @mgks/docmd from 0.3.0 to 0.3.8

Release notes

Sourced from @​mgks/docmd's releases.

docmd@0.3.8 🚀 (The Universal Engine Update)

Date: January 10, 2026 Repository: github.com/docmd-io/docmd Website: docmd.io

This release marks a pivotal moment in the project's history. We have migrated to a dedicated organization, slashed the package size by over 90%, and completely rewrote the internal engine to be faster, leaner, and more stable.

🏠 New Home, New Identity

We have graduated from a personal project to a dedicated organization.

• Source Code: Moved to docmd-io/docmd.
• Documentation: Now live at docs.docmd.io.
• Live Editor: Now hosted at live.docmd.io.
• Website: Check out the new landing page at docmd.io.

📉 The "Codebase Surgery" (90% Smaller)

We went on a strict diet. By removing heavy dependencies and optimizing our build strategy, docmd is now lighter than ever.

• Removed express: Replaced the Dev Server with a lightweight, native Node.js HTTP server.
• Removed fs-extra: Replaced with native Node.js fs/promises and custom lightweight utils.
• Removed clean-css: Switched to esbuild for lightning-fast CSS/JS minification.
• CDN Strategy: We no longer bundle the massive mermaid.js and minisearch libraries inside the CLI. These are now loaded via CDN at runtime, reducing the install size from ~5.7MB to ~500KB.
• Static Scripts Compression: All static assets are pre-optimized and get compressed on each build and live up to 20-30%, except dev to give developers space to live edit scripts.
• Asset Trimming: Removed images from static assets and compressed existing ones to almost 50-70%.
• In-house Dependency: After removing some of the heavy dependencies we got rid of additional 200+ dependencies completely unusable to us, instead we replaced them with our in-house scripts.

✨ New Features

⚡ Smart Dev Server

No more crashing if Port 3000 is busy.

• Interactive Port Selection: If the default port is taken, docmd dev will politely ask to spawn on the next available port.
• Fail-Safe Sockets: Fixed a race condition where the Live Reload socket tried to connect before the server was ready.

🛠️ Programmatic API

docmd is no longer just a CLI. You can now import the core engine into your own Node.js scripts.

const { build } = require('@mgks/docmd');
// Build your docs programmatically
await build('./docmd.config.js', {
isDev: false,
preserve: true
});

🧠 Smarter init

• Auto-Package: docmd init now detects if package.json is missing and generates one for you, making new projects deployment-ready instantly.
• Better Templates: The default generated files now feature a beautiful "Welcome" page demonstrating Callouts, Tabs, and Cards.

... (truncated)

Commits

• 971e1ee Update README.md
• 310df14 Update package-lock.json
• e096d51 Update package.json
• 51eee36 Optimized plugins
• 37870b5 Optimized docmd live
• df1e9f7 Introducing docmd API access
• 41fe4ba Optimized templates
• e2a7d9a Optimized core files
• dc36d45 Introducing html-formatter to cleanup HTML
• 01c7efa Introducing fs-utils replacing fs-extra
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​mgks/docmd since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.