Fix Dependabot security alerts for js-yaml and lodash

Bump js-yaml to ^4.1.1 (prototype pollution fix) and add overrides
for js-yaml and lodash (^4.17.23) to patch transitive dependencies
from openapi-to-postmanv2.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: gjtorikian

package-lock.json

@@ -8,9 +8,13 @@
     "generate:postman:local": "tsx scripts/postman/generate.ts --local"
   },
   "dependencies": {
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
     "openapi-to-postmanv2": "^5.8.0"
   },
+  "overrides": {
+    "js-yaml": "^4.1.1",
+    "lodash": "^4.17.23"
+  },
   "devDependencies": {
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^22.0.0",