[CRITICAL] Remove lodash.shuffle dependency causing security vulnerabilities in enterprise environments and it raised as a Security risk by Blackduck scan #5264

@Surajchowdhury12

Description

Hi CodeceptJS team, after upgrading to CodeceptJS 3.7.5, we're encountering critical security vulnerability alerts from BlackDuck and other enterprise security scanners due to the lodash.shuffle@4.2.0 dependency introduced in v3.7.4. The scanners are flagging multiple high-severity vulnerabilities (7 High, 4 Medium, 1 Low) because they incorrectly apply full lodash@4.2.0 vulnerabilities to this micro-package, which is blocking our enterprise deployments and CI/CD pipelines. Since lodash.shuffle is used in only one location (https://github.com/codeceptjs/CodeceptJS/blob/3.x/lib/codecept.js#L189) within CodeceptJS, and the lodash ecosystem is no longer actively maintained and has known security concerns, could you please consider replacing it with a native Fisher-Yates shuffle implementation? This would eliminate the security scanner issues entirely while maintaining the same functionality. I can provide a simple native implementation if helpful - this change would significantly benefit enterprise users who rely on automated security scanning for compliance requirements.
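A dependency-free Fisher-Yates shuffle of the kind the issue asks for, as an added example that is not part of the issue or of CodeceptJS itself. It mirrors the lodash.shuffle contract (returns a new array, input untouched, Math.random by default) and takes an injectable random source so the permutation can be checked deterministically; the test file names are constructed sample input and `fixedRandom` is a hypothetical helper for that purpose only.

```javascript
'use strict';

// Added example, not CodeceptJS project code: a native Fisher-Yates shuffle
// as a drop-in replacement for lodash.shuffle. Like lodash.shuffle it
// returns a new array and leaves the input untouched. `random` must return
// numbers in [0, 1) and defaults to Math.random, matching lodash; injecting
// a deterministic source makes the result reproducible in tests.
function shuffle(array, random = Math.random) {
  const result = Array.from(array);
  // Walk from the end; pick j uniformly from [0, i] INCLUSIVE. Drawing from
  // [0, i) instead is the classic off-by-one that biases the permutation.
  for (let i = result.length - 1; i > 0; i--) {
    const j = Math.floor(random() * (i + 1));
    [result[i], result[j]] = [result[j], result[i]];
  }
  return result;
}

// Hypothetical helper (constructed for this example): a "random" source that
// cycles through a fixed list of values so a shuffle can be reproduced.
function fixedRandom(values) {
  let k = 0;
  return () => values[k++ % values.length];
}

// Sanity check a caller can keep: a shuffle must be a permutation of its input.
function isPermutation(original, shuffled) {
  if (original.length !== shuffled.length) return false;
  const sorted = (a) => [...a].sort();
  const a = sorted(original);
  const b = sorted(shuffled);
  return a.every((v, idx) => v === b[idx]);
}

// Constructed sample input: the kind of test list CodeceptJS would reorder.
const sampleTests = ['login_test.js', 'search_test.js', 'cart_test.js', 'checkout_test.js'];
const shuffled = shuffle(sampleTests);
console.log(shuffled, isPermutation(sampleTests, shuffled));
```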
