chore(deps): bump vulnerable transitives + lodash/protobufjs overrides

Resolves Dependabot alerts via lockfile refresh:
- lodash 4.17.23 -> 4.18.1 (override bump; GHSA-x6tw-rgw9-mxc7, GHSA-jq5h-29mv-9xx9)
- protobufjs 7.5.6 -> 7.6.1 (override bump; GHSA-29r9-gm9g-x6mh)
- brace-expansion 5.0.5 -> 5.0.6 (GHSA-v6h2-p8h4-qcjw)
- fast-uri 3.1.1 -> 3.1.2 (GHSA-pj56-2hpv-2vc8)
- mermaid 11.14.x -> 11.15.0 (GHSA-x46c-xq57-mxgh and 3 more)
- @babel/plugin-transform-modules-systemjs 7.29.0 -> 7.29.4 (GHSA-rfg6-cgxx-c2gf)
- ws 8.18.x -> 8.21.0 (GHSA-fxqf-hf2v-2vw3)
- webpack-dev-server 5.2.3 -> 5.2.4 (GHSA-9jgg-88mc-972h)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: B4nan