fix: bump snyk-nuget-plugin to 4.2.3

[cjheppell]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages are release-note ready, emphasizing what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

Bumps snyk-nuget-plugin from 4.2.0 to 4.2.3.

Release: https://github.com/snyk/snyk-nuget-plugin/releases/tag/v4.2.3

• Handles a missing dotnet CLI during runtime resolution scans
• Transitively bumps lodash to ^4.18.1 as required by the plugin

Where should the reviewer start?

package.json and package-lock.json.

How should this be manually tested?

Run snyk test / snyk monitor against a .NET project, including one where the
dotnet CLI is unavailable, to confirm runtime resolution scans no longer fail.

What's the product update that needs to be communicated to CLI users?

None.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected

📚 Repository Context Analyzed This review considered 6 relevant code sections from 2 files (average relevance: 0.40) package-lock.json (5 segments, lines 6-266) package.json (lines 1-229)

🤖 Repository instructions applied (from AGENTS.md)