Upgrade @babel/core→7.29.0, @babel/preset-env→7.29.5, postcss→8.5.14, lodash→4.18.1, add uuid override (#126)

Fixes CVE-2026-44728 (@babel/plugin-transform-modules-systemjs),
CVE-2026-41305 (postcss), CVE-2026-4800 and CVE-2026-2950 (lodash),
and CVE-2026-41907 (uuid).

Author: mraible

ui/extensions/hello/package-lock.json

@@ -22,8 +22,8 @@
     "react-router-dom": "7.13.0"
   },
   "devDependencies": {
-    "@babel/core": "7.28.4",
-    "@babel/preset-env": "7.28.3",
+    "@babel/core": "7.29.0",
+    "@babel/preset-env": "7.29.5",
     "@babel/preset-react": "7.27.1",
     "@rollup/plugin-babel": "6.0.4",
     "@rollup/plugin-commonjs": "28.0.6",
@@ -36,7 +36,7 @@
     "@web/rollup-plugin-html": "2.3.0",
     "jest": "30.1.3",
     "jest-environment-jsdom": "30.1.2",
-    "postcss": "8.5.6",
+    "postcss": "8.5.14",
     "rollup": "4.59.0",
     "rollup-plugin-postcss": "4.0.2"
   },
@@ -68,14 +68,15 @@
   },
   "overrides": {
     "js-yaml": "^3.14.2",
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "svgo": "2.8.1",
     "minimatch@3": "3.1.4",
     "minimatch@9": "9.0.9",
     "picomatch@2": "2.3.2",
     "picomatch@4": "4.0.4",
     "yaml@1": "1.10.3",
     "brace-expansion@1": "1.1.13",
-    "brace-expansion@2": "2.0.3"
+    "brace-expansion@2": "2.0.3",
+    "uuid": "13.0.1"
   }
 }