Improve minifier behavior and remove vulnerable dependencies

[tobitege]

Summary

This PR contains two follow-up changes on top of main.

1. Adjust the Lua minifier integration in DULuaConfig

• pass explicit minifier options instead of relying on the library defaults
• keep global renaming disabled
• fall back to the original code when minification fails instead of aborting the whole build

2. Remove vulnerable dependencies and replace the small pieces of functionality that depended on them

• remove the direct npm dependency, which was pulling most of the reported advisories into the lockfile
• remove axios and replace its two GET call sites with a small local HTTP JSON helper in src/lib/HttpClient.ts
• remove lodash usage by replacing the remaining call sites with native code
• bump yaml to ^1.10.3
• add an override for cross-spawn so the clipboard-related transitive dependency resolves to a fixed version
• refresh package-lock.json

Why

The repository had accumulated Dependabot alerts from an older dependency tree. After these changes, the local audit is clean while the CLI still builds and starts normally.

Verification

• npm install
• npm audit
• npm run build
• du-lua help

[tobitege]

@matpratta - fyi: just today there was another axios npm sec thread reported by CISA, but fortunately this repo's version was locked to an older version. This makes the removal of axios with this PR even more important.
Edit: doh! they reported an incident from 3+ weeks ago!

[matpratta]

Hey @tobitege!

It's been a while I don't work on this project (or anything related to DU, haven't had the game installed since they shutdown).

Will try to review it over the weekend, as it's a somewhat big PR, mainly concerned about breaking the minifier behavior for others.

Thanks for the PR though!