
[Aikido] Fix security issue in lodash-es via minor version upgrade from 4.17.23 to 4.18.1 #248

Open

aikido-autofix[bot] wants to merge 1 commit into dev from aikido-update-packages-41952665-qu8r

Conversation

aikido-autofix[bot] commented May 31, 2026


Upgrade lodash-es to fix critical RCE vulnerability in _.template via unsafe options.imports handling and medium prototype pollution in _.unset/_.omit functions.

✅ Code not affected by breaking changes.

✅ No breaking changes affect this codebase. The search found no usage of _.unset, _.omit, or _.template in the project's source code. The lodash-es package appears only as a transitive dependency used by third-party libraries (dagre-d3-es and mermaid), and the project does not directly import or use any lodash-es methods that would be affected by the breaking changes in version 4.18.1.

All breaking changes by upgrading lodash-es from version 4.17.23 to 4.18.1 (CHANGELOG)

| Version | Description |
|---|---|
| 4.18.0 | _.unset / _.omit: constructor and prototype are now blocked unconditionally as non-terminal path keys. Calls that previously returned true and deleted the property now return false and leave the target untouched. |
| 4.18.0 | _.template: imports keys containing forbidden identifier characters now throw an "Invalid imports option passed into _.template" error, where previously they were accepted. |
✅ 2 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2026-4800 | 🚨 CRITICAL | [lodash-es] A vulnerability in _.template allows arbitrary code execution through untrusted key names in options.imports or prototype pollution, as validation was incomplete after a prior CVE fix. An attacker can inject malicious code that executes during template compilation. |
| CVE-2026-2950 | MEDIUM | [lodash-es] Prototype pollution vulnerability in _.unset and _.omit functions allows attackers to bypass previous fixes using array-wrapped path segments, enabling deletion of properties from built-in prototypes. While this doesn't allow overwriting prototype behavior, it can cause denial of service or unexpected application behavior. |
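Added example, not code from this PR, from Aikido or from lodash-es: a dependency-free Node script that re-checks the bot's "no direct usage" claim by scanning first-party sources for ESM imports of `unset`, `omit` and `template` from lodash-es and reporting every call site, so a reviewer can confirm the 4.18.0 behaviour changes really do not reach the project's own code. The sample sources are constructed, and the import forms it recognises (named, namespace/default and `lodash-es/<method>` sub-path imports) are an assumption about a typical code base; usage reached only through third-party packages such as dagre-d3-es or mermaid is outside its scope, exactly as in the bot's description.

```javascript
// Added example (not part of the Aikido PR or of lodash-es): scan first-party
// sources for the lodash-es methods whose behaviour changes in 4.18.0
// (_.unset, _.omit, _.template) and report each call site. Usage that lives in
// node_modules (transitive dependencies) is deliberately out of scope.
const AFFECTED = ['unset', 'omit', 'template'];

// ESM import forms assumed to be the ones a typical code base uses:
//   import { unset, omit as strip } from 'lodash-es'
//   import * as _ from 'lodash-es'    /    import _ from 'lodash-es'
//   import unset from 'lodash-es/unset'
const NAMED_IMPORT = /import\s*\{([^}]*)\}\s*from\s*['"]lodash-es['"]/g;
const DEFAULT_OR_NS_IMPORT = /import\s+(?:\*\s+as\s+)?(\w+)\s+from\s*['"]lodash-es['"]/g;
const SUBPATH_IMPORT = /import\s+(\w+)\s+from\s*['"]lodash-es\/(\w+)['"]/g;

// Returns the local bindings in `source` that can reach an affected method as
// { local, method }; method === '*' marks a namespace/default import, where the
// method name is only known at the call site (_.unset(...)).
function collectBindings(source) {
  const bindings = [];
  for (const m of source.matchAll(NAMED_IMPORT)) {
    for (const spec of m[1].split(',')) {
      const [imported, alias] = spec.trim().split(/\s+as\s+/);
      if (imported && AFFECTED.includes(imported)) {
        bindings.push({ local: alias || imported, method: imported });
      }
    }
  }
  for (const m of source.matchAll(DEFAULT_OR_NS_IMPORT)) {
    bindings.push({ local: m[1], method: '*' });
  }
  for (const m of source.matchAll(SUBPATH_IMPORT)) {
    if (AFFECTED.includes(m[2])) bindings.push({ local: m[1], method: m[2] });
  }
  return bindings;
}

// Takes { filename: sourceText } and returns [{ file, line, method }] for every
// call of an affected method through one of the bindings found above.
function findAffectedUsages(sources) {
  const findings = [];
  for (const [file, source] of Object.entries(sources)) {
    for (const { local, method } of collectBindings(source)) {
      const pattern = method === '*'
        ? new RegExp(`\\b${local}\\.(${AFFECTED.join('|')})\\s*\\(`, 'g')
        : new RegExp(`\\b${local}\\s*\\(`, 'g');
      for (const m of source.matchAll(pattern)) {
        const line = source.slice(0, m.index).split('\n').length;
        findings.push({ file, line, method: method === '*' ? m[1] : method });
      }
    }
  }
  return findings;
}

// Constructed sample sources (not from any real project): two files that do use
// affected methods and one that only uses an unaffected one.
const SAMPLE_SOURCES = {
  'src/clean.js': `import { unset, omit as strip } from 'lodash-es';
export function drop(obj) {
  unset(obj, 'a.b');
  return strip(obj, ['c']);
}`,
  'src/render.js': `import * as _ from 'lodash-es';
export const render = _.template('<%= name %>');
export const keep = _.pick({ a: 1 }, 'a');`,
  'src/safe.js': `import { pick } from 'lodash-es';
export const view = (o) => pick(o, 'id');`,
};

// In a real run, read the project's .js/.ts files into the same shape and
// treat a non-empty result as "the breaking changes DO affect this codebase".
console.log(JSON.stringify(findAffectedUsages(SAMPLE_SOURCES), null, 2));
```

Only a non-empty result contradicts the bot's claim; an empty result still leaves the transitive copies of lodash-es in dagre-d3-es and mermaid to be confirmed via the lockfile, since those packages, not the project, are what actually call into it.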
