chore(deps): bump underscore and cordova-lib

[dependabot]

Removes underscore. It's no longer used after updating ancestor dependency cordova-lib. These dependencies need to be updated together.

Removes underscore

Updates cordova-lib from 12.0.2 to 13.0.0

Changelog

Sourced from cordova-lib's changelog.

13.0.0 (Oct 29, 2025)

Breaking Changes:

• GH-964 chore(npm)!: bump write-file-atomic@7.0.0
• GH-961 chore!: update dependencies & node requirement
• GH-957 feat!: remove cordova serve command
• GH-955 chore(npm)!: bump various packages
• GH-953 feat(plugman)!: remove create plugin support
• GH-949 chore!: bump node requirement & npm dependencies
• GH-958 chore!: remove deprecated platform data
• GH-959 chore!: remove unused templates

Features:

• GH-952 feat: replace dep-graph dependency w/ custom class

Fixes:

• GH-944 fix(emulator): Support listing emulators with --list

Chores:

• GH-963 chore: update package-lock.json
• GH-960 chore: various updates to the root files
• GH-956 chore(npm): bump @cordova/eslint-config@6.0.0
• GH-946 chore(deps-dev): bump brace-expansion from 1.1.11 to 1.1.12
• GH-939 chore(deps): bump path-to-regexp and express
• GH-937 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6
• GH-938 chore(ci): Fix failing dependabot PRs

CI & Others:

• GH-954 ci: various workflow improvements
• GH-950 ci(workflow): update release-audit & license config
• GH-945 ci: Add node 22 and 24 to CI testing matrix
• GH-941 Keep final new line in package.json
• GH-942 Persist relative paths on disk

Commits

• 6c2cdd9 release(13.0.0): updated release notes & version (lib-13.0.0)
• 3e18409 chore(npm)!: bump write-file-atomic@7.0.0 (#964)
• 12286be chore: update package-lock.json (#963)
• 852ba6b chore!: update package dependencies (#961)
• 8d2855b chore: various updates to the root files (#960)
• c323a19 chore: remove unused templates (#959)
• 82dbfa2 chore: remove deprecated platform data (#958)
• 2c58279 feat!: remove cordova serve command (#957)
• 4b55cd7 chore(npm): bump @​cordova/eslint-config@​6.0.0 (#956)
• c67248d chore(npm)!: bump various packages (#955)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.