Commit 1c8287f
fix: update dependencies to resolve security vulnerabilities (#83)
Update package-lock.json to address multiple Dependabot security alerts:
- lodash: 4.17.23 → 4.18.1 (fixes prototype pollution and code injection)
- lodash-es: 4.17.23 → 4.18.1 (fixes prototype pollution and code injection)
- handlebars: 4.7.8 → 4.7.9 (fixes critical JavaScript injection vulnerabilities)
- undici: 6.23.0 → 6.25.0 (fixes WebSocket parser crashes and CRLF injection)
- npm: 11.11.0 → 11.13.0 (includes minimatch 10.2.5 to fix ReDoS vulnerabilities)
This update resolves 1 critical, 7 high, and 2 moderate severity vulnerabilities.
The remaining moderate vulnerability (ip-address) is a bundled npm dependency
that cannot be fixed at the project level.
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

1 parent 8487fb1 commit 1c8287f
1 file changed
Lines changed: 95 additions & 122 deletions