chore(cms): update alt-text and vercel-deployments plugins

[jhb-dev]

Update @jhb.software/payload-alt-text-plugin from 0.4.2 to 0.4.3 and
@jhb.software/payload-vercel-deployments from ^0.1.0 to ^0.2.0. Pass
the website URL (NEXT_PUBLIC_FRONTEND_URL) to the vercel deployments
widget config via the new websiteUrl option.

https://claude.ai/code/session_01LqFjyiwxKEG7ZXiaZFVUnM

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
website	Ignored		Apr 9, 2026 7:55am
website-cms	Ignored		Apr 9, 2026 7:55am

[claude]

PR Review

This is a straightforward dependency update. A few observations:

Potential Issues

websiteUrl type mismatch (cms/src/payload.config.ts):
process.env.NEXT_PUBLIC_FRONTEND_URL returns string | undefined, while projectId above it uses the non-null assertion (!). If the plugin's widget.websiteUrl expects a string (not string | undefined), this could cause a TypeScript error or unexpected runtime behavior. Verify whether the option is optional in @jhb.software/payload-vercel-deployments@0.2.0's types — if not, add ! or a fallback.

Unintended lock file change (pnpm-lock.yaml):
The mcp-handler snapshot changed its @modelcontextprotocol/sdk peer resolution from zod@3.25.76 to zod@4.1.12. This appears to be an unintentional side-effect of running pnpm install. While likely harmless, it's worth verifying this doesn't introduce a zod version conflict at runtime.

Security

No concerns — NEXT_PUBLIC_FRONTEND_URL is already a public environment variable (browser-exposed), so passing it to the widget config doesn't expose anything sensitive.

Performance

No concerns — these are minor plugin version bumps with no expected performance impact.

---

Overall the PR looks good. The main thing to double-check is the websiteUrl: string | undefined typing.