Bump underscore and gulp.spritesmith in /themes/dctx-v2

[dependabot]

Bumps underscore to 1.13.8 and updates ancestor dependency gulp.spritesmith. These dependencies need to be updated together.

Updates underscore from 1.4.4 to 1.13.8

Commits

• 9374840 Merge branch 'release/1.13.8'
• 309ad7e Re-generate annotated sources and minified codemaps
• a1ac1d3 Add links to diff and docs in 1.13.8 change log entry
• b579595 Mention CVE-2026-27601 in comments and documentation (#3011)
• 45ea015 Revert obfuscations from 42823bb.
• 4a4019e Update minified bundles
• 1ccfdd0 Add preliminary release notes for 1.13.8
• 42823bb Temporarily obfuscate comments
• a6e23ae Make _.isEqual nonrecursive
• f2b5164 Add regression test against stack overflow in _.isEqual
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.

Updates gulp.spritesmith from 6.9.0 to 6.13.1

Changelog

Sourced from gulp.spritesmith's changelog.

6.13.1 - Updated documentation and tests to support Gulp@5

6.13.0 - Upgraded to async@3.2.3 to fix GitHub vulnerability alert

6.12.1 - Updated Travis CI Node.js versions

6.12.0 - Upgraded to underscore@1.13.1 to fix GitHub vulnerability warning. Fixes #155

6.11.0 - Upgraded to spritesmith@3.4.0 to propagate npm audit fix

6.10.1 - Removed vulnerable js-yaml from dev dependencies

6.10.0 - Upgraded to spritesheet-templates@10.3.0 to remove LESS JS utilization

Commits

• 16e7588 Release 6.13.1
• 6fcd06a Updated documentation for Gulp 5.0.0 support
• 4741951 Added encoding: false for all output images
• a0eb0ea Found an encoding fix but it won't work for both outputs
• 5fd3de8 Added encoding: false which resolved command execution but bumping into PNG...
• 23e9391 Release 6.13.0
• a5b46de Upgraded to async@3.2.3 to fix GitHub vulnerability alert
• 2a80397 Release 6.12.1
• 66f024c Updated Node.js versions for Travis CI
• 6ceaca9 Release 6.12.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.