Upgrade lodash/lodash-es to 4.18.1 (CVE-2026-4800)

Summary:
Upgrade transitive dependency lodash from 4.17.21/4.17.23 to 4.18.1 and lodash-es
from 4.17.21 to 4.18.1 to remediate CVE-2026-4800 (Improper Control of Generation
of Code / Code Injection).

Updated lodash/lodash-es entries in 3 yarn.lock files:
- xplat/js/tools/react-fox/yarn.lock (lodash 4.17.21 → 4.18.1)
- xplat/js/tools/react-fox/apps/playground/yarn.lock (lodash 4.17.23 → 4.18.1)
- xplat/js/tools/metro/website/yarn.lock (lodash-es 4.17.21 → 4.18.1)

No package.json changes needed.

Reviewed By: Bellardia

Differential Revision: D102241929

fbshipit-source-id: b9a4d3ff16b2e74ea115d7954e6eebc3c0514b34

Author: sandeep3028

website/yarn.lock

@@ -6548,9 +6548,9 @@ locate-path@^7.1.0:
     p-locate "^6.0.0"
 
 lodash-es@^4.17.21:
-  version "4.17.21"
-  resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.21.tgz#43e626c46e6591b7750beb2b50117390c609e3ee"
-  integrity sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==
+  version "4.18.1"
+  resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.18.1.tgz#b962eeb80d9d983a900bf342961fb7418ca10b1d"
+  integrity sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==
 
 lodash.debounce@^4.0.8:
   version "4.0.8"