[Aikido] Fix 4 security issues in lodash, @aws-sdk/client-sts, @aws-sdk/client-cloudfront and 3 more#20

Closed
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-14707691-sA3Z

Conversation

@aikido-autofix

Upgrades multiple dependencies to address prototype pollution vulnerabilities in lodash and js-yaml, and enhances AWS SDK region validation security.

✅ Code not affected by breaking changes.

The breaking change (dropped support for Node.js 16) does not affect this codebase. The project already uses Node.js 18 as specified in .node-version and documented in example-client/README.md. The upgrade from @smithy/config-resolver 3.0.12 to 4.4.0 is safe to proceed.

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2025-13465 | MEDIUM | Prototype pollution vulnerability in Lodash allows attackers to delete methods from global object prototypes via crafted paths in _.unset and _.omit, potentially disrupting application functionality. |
| CVE-2025-64718 | MEDIUM | Prototype pollution vulnerability in js-yaml allows attackers to modify object prototypes when parsing untrusted YAML, potentially leading to remote code execution or other critical security impacts. |
| AIKIDO-2025-10809 | MEDIUM | Prototype Pollution vulnerability in YAML parsing allows attackers to inject malicious properties into object prototypes, potentially leading to remote code execution, DoS, or other security breaches through crafted input. |
| GHSA-6475-r3vj-m8vf | LOW | An attacker could manipulate the region input field in AWS SDK for JavaScript, potentially routing API calls to unintended or non-AWS hosts, risking improper service configuration and potential security misrouting. |
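As an added illustration of the lodash finding above (this is not code from this PR, from lodash, or from Aikido): a defensive deep-unset in JavaScript that rejects path segments able to reach an object's prototype chain before deleting anything, and only ever removes own properties. The names `toSegments`, `isSafePath` and `safeUnset` are assumed here.

```javascript
// Added example, not from the PR or lodash: a deep-unset that refuses any path
// segment able to address Object.prototype or a constructor, the input class
// the lodash advisory above describes for _.unset / _.omit.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a lodash-style path ("a.b[0].c", 'a["k"]' or ['a', 'b']) into segments.
function toSegments(path) {
  if (Array.isArray(path)) return path.map(String);
  return String(path)
    .replace(/\[(["']?)([^\]]*)\1\]/g, '.$2') // a[0] / a["k"] -> a.0 / a.k
    .split('.')
    .filter((s) => s.length > 0);
}

// True when no segment could reach the prototype chain.
function isSafePath(path) {
  return toSegments(path).every((seg) => !FORBIDDEN_SEGMENTS.has(seg));
}

// Delete the own property at `path`. Returns true if something was removed,
// false if the path does not resolve to an own property. Prototype-reaching
// paths are rejected loudly so callers notice bad input instead of ignoring it.
function safeUnset(obj, path) {
  if (!isSafePath(path)) {
    throw new TypeError(`refusing prototype-reaching path: ${String(path)}`);
  }
  const segs = toSegments(path);
  if (segs.length === 0) return false;
  const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  let cur = obj;
  for (let i = 0; i < segs.length - 1; i++) {
    if (cur === null || typeof cur !== 'object' || !hasOwn(cur, segs[i])) {
      return false; // never walk through inherited properties
    }
    cur = cur[segs[i]];
  }
  const last = segs[segs.length - 1];
  if (cur === null || typeof cur !== 'object' || !hasOwn(cur, last)) return false;
  return delete cur[last];
}
```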

@vercel

vercel bot commented Jan 26, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| cash-register-api-example-client | Error | Error | Jan 26, 2026 11:36pm |
