Fix 5 security issues in lodash, lodash-es, react-hook-form and 2 more #1535

Open
aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-14486466-ruUx
Conversation

@aikido-autofix

Patches critical prototype pollution and ReDoS vulnerabilities in lodash, lodash-es, react-hook-form, d3-color, and brace-expansion to prevent potential remote exploitation.

✅ Code not affected by breaking changes.

No breaking changes from the d3-color upgrade affect this codebase. The package is not directly imported or used in the source code - it's only a transitive dependency through the victory package. While d3-color 3.0.0 requires Node.js 12+, the project's CI/CD pipelines already use Node.js 14 and 16, which satisfy this requirement.

Note: The package.json specifies "node": ">=10", which is less restrictive than d3-color's Node.js 12+ requirement. Consider updating the engine requirement to "node": ">=12" to align with the actual dependency requirements, though this is not a breaking change for the current codebase.

All breaking changes by upgrading d3-color from version 2.0.0 to 3.1.0 (CHANGELOG)

| Version | Description |
| --- | --- |
| 3.0.0 | Now requires Node.js 12 or higher |

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2025-13465 | MEDIUM | Prototype pollution vulnerability in Lodash allows attackers to delete methods from global object prototypes via crafted paths in _.unset and _.omit, potentially disrupting application functionality. |
| AIKIDO-2024-10523 | MEDIUM | Affected versions of this package are vulnerable to prototype pollution due to insufficient safeguards. Attackers can exploit the prototype and constructor properties to manipulate object prototypes, potentially leading to unintended behavior, security breaches, or further exploitation. |
| GHSA-36jr-mh4h-2g58 | LOW | The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds. |
| CVE-2025-5889 | LOW | Regex complexity vulnerability in brace-expansion library enables potential remote DoS attack through inefficient pattern manipulation, allowing attackers to cause significant computational resource consumption. |

@coderabbitai

coderabbitai bot commented Jan 23, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added the bug Something isn't working label Jan 23, 2026