
[Aikido] Fix 4 security issues in lodash, @aws-sdk/client-sts, @aws-sdk/client-cloudfront and 3 more #22

Open
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-15205069-3ouJ

Conversation

aikido-autofix bot commented Feb 1, 2026

Upgrades multiple dependencies to address prototype pollution vulnerabilities in lodash, js-yaml, and AWS SDK, mitigating potential remote code execution risks.

✅ Code not affected by breaking changes.

The breaking change in @smithy/config-resolver (dropping Node.js 16 support) does not affect this codebase. The package is only a transitive dependency brought in through the AWS SDK clients used by oclif, which is itself a dependency of @asyncapi/cli.

The codebase does not directly import or use @smithy/config-resolver, and the dependency chain already requires Node.js >= 18.0.0 (enforced by the oclif package). Therefore, the Node.js 16 support removal has no practical impact on this project.

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue               Severity  Description
CVE-2025-13465      MEDIUM    Prototype pollution vulnerability in Lodash allows attackers to delete methods from global object prototypes via crafted paths in _.unset and _.omit, potentially disrupting application behavior.
CVE-2025-64718      MEDIUM    Prototype pollution vulnerability in js-yaml allows attackers to modify object prototypes when parsing untrusted YAML, potentially leading to remote code execution or other critical security impacts.
AIKIDO-2025-10809   MEDIUM    Prototype Pollution vulnerability in YAML parsing allows attackers to inject malicious properties into object prototypes, potentially leading to remote code execution, DoS, or other security breaches through crafted input.
GHSA-6475-r3vj-m8vf LOW       Potential misconfiguration in AWS SDK allows improper routing of API calls by setting invalid region values, which could lead to unintended endpoint connections or misrouted service requests.

vercel bot commented Feb 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project                           Deployment  Actions  Updated (UTC)
cash-register-api-example-client  Error       Error    Feb 1, 2026 11:39pm
