UID2-6871: Fix CVE-2026-4800 by upgrading lodash to 4.18.1

Add lodash override (^4.18.0) in package.json overrides for both
react-client-side apps to resolve CVE-2026-4800 in the transitive
lodash@4.17.21 dependency. Regenerated lockfiles confirm lodash@4.18.1
is now installed in place of 4.17.21.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: sunnywu

web-integrations/google-secure-signals/react-client-side/package-lock.json

@@ -36,7 +36,8 @@
     "underscore": "^1.13.8",
     "flatted": "^3.4.2",
     "path-to-regexp@0": "0.1.13",
-    "picomatch": "^2.3.2"
+    "picomatch": "^2.3.2",
+    "lodash": "^4.18.0"
   },
   "scripts": {
     "start": "node server.js",

web-integrations/google-secure-signals/react-client-side/package.json

@@ -36,7 +36,8 @@
     "underscore": "^1.13.8",
     "flatted": "^3.4.2",
     "path-to-regexp@0": "0.1.13",
-    "picomatch": "^2.3.2"
+    "picomatch": "^2.3.2",
+    "lodash": "^4.18.0"
   },
   "scripts": {
     "start": "node server.js",