chore(deps): update dependencies flagged by security scan #1172

Open
ksaurabhAparavi wants to merge 1 commit into rocketride-org:develop from ksaurabhAparavi:chore/RR-1159-soc-dependency-bumps

Conversation

ksaurabhAparavi commented Jun 8, 2026

Contributor

Summary

  • Bump dependencies flagged by a security/SOC scan to patched versions (package.json + lockfile).

Testing

  • CI (./builder test) — relying on GitHub Actions; not runnable in the contributor's local shell (engine build / Maven / torch unavailable). Static checks (compile, no conflict markers) pass.

Linked Issue

Fixes #1159

coderabbitai Bot commented Jun 8, 2026

Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Updated package.json to add a brace-expansion dependency override under pnpm.overrides, constraining the package to versions >=5.0.5 <6 to enforce patched security updates flagged by security review.

Changes

Security Dependency Overrides

Layer / File(s) | Summary
brace-expansion override constraint (package.json) | Added brace-expansion entry to pnpm.overrides with version constraint >=5.0.5 <6 to enforce patched versions across the dependency tree.

🎯 1 (Trivial) | ⏱️ ~2 minutes

A bunny hops through the deps so fine,
brace-expansion locked at version line,
Five-oh-five through five it shall stay,
Security patched, bugs kept at bay! 🐰

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Linked Issues check | ✅ Passed | The code change updates the brace-expansion npm dependency to a patched version (>=5.0.5 <6) via pnpm overrides, directly addressing issue #1159's requirement to update security-flagged npm dependencies.
Out of Scope Changes check | ✅ Passed | The single change adds a brace-expansion dependency override, which is within scope as it addresses the SOC-flagged npm dependencies objective without introducing unrelated modifications.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title accurately reflects the main change: updating a security-flagged dependency (brace-expansion) to a patched version through pnpm overrides.

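The walkthrough above describes the mechanism this PR relies on: a pnpm.overrides entry forces every copy of brace-expansion in the dependency tree, whatever range each consumer requested, onto the patched range >=5.0.5 <6, and the lockfile is re-resolved to match. The following script is an added example written for this page, not code from the PR or the rocketride-org project. It checks that a pnpm lockfile really contains no copy of an overridden package outside its declared range, which is the check a reviewer would want before trusting "lockfile updated". It assumes (these details are not taken from the page) the pnpm v9 lockfile layout with entries keyed `name@version:` and override ranges written as space-separated comparators such as `>=5.0.5 <6`; the lockfile excerpts and package.json below are constructed.

```javascript
// Added example, not code from this PR or the rocketride-org project.
// Verifies that every copy of an overridden package that a pnpm lockfile
// resolves satisfies the range declared in pnpm.overrides, so a constraint
// such as "brace-expansion": ">=5.0.5 <6" is checked against the lockfile
// instead of trusted. Assumptions (not taken from the page): pnpm v9 lockfile
// layout with entries keyed "name@version:", and ranges written as
// space-separated comparators like ">=5.0.5 <6".

// The override matches the PR walkthrough; the rest of package.json is made up.
const PACKAGE_JSON = {
  name: "example-app",
  pnpm: { overrides: { "brace-expansion": ">=5.0.5 <6" } },
};

// Constructed lockfile excerpts (not the project's real pnpm-lock.yaml):
// one before the override took effect, one after `pnpm install` re-resolved it.
const LOCKFILE_BEFORE = `lockfileVersion: '9.0'
packages:
  '@types/node@20.11.0':
    resolution: {integrity: sha512-constructed1}
  brace-expansion@1.1.11:
    resolution: {integrity: sha512-constructed2}
  brace-expansion@2.0.1:
    resolution: {integrity: sha512-constructed3}
  minimatch@3.1.2:
    resolution: {integrity: sha512-constructed4}
`;

const LOCKFILE_AFTER = `lockfileVersion: '9.0'
packages:
  '@types/node@20.11.0':
    resolution: {integrity: sha512-constructed1}
  brace-expansion@5.0.5:
    resolution: {integrity: sha512-constructed5}
  minimatch@3.1.2:
    resolution: {integrity: sha512-constructed4}
`;

// "1.2.3" or "1.2.3-beta.1" -> [1, 2, 3]; prerelease tags are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Every comparator in the range must hold (">=5.0.5 <6" means both).
// A bare number like "6" is read as "6.0.0".
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(>=|<=|>|<|=)?(\d+(?:\.\d+){0,2})$/.exec(clause);
    if (!m) throw new Error(`unsupported range clause: ${clause}`);
    const parts = m[2].split(".");
    while (parts.length < 3) parts.push("0");
    const cmp = compareVersions(v, parseVersion(parts.join(".")));
    switch (m[1] || "=") {
      case ">=": return cmp >= 0;
      case ">": return cmp > 0;
      case "<=": return cmp <= 0;
      case "<": return cmp < 0;
      default: return cmp === 0;
    }
  });
}

// Map of package name -> sorted unique versions present in the lockfile.
// Matches both "name@1.2.3:" and "'@scope/name@1.2.3':" keys.
function resolvedVersions(lockfile) {
  const out = {};
  const key = /^  '?(@?[^@'\s]+)@(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/gm;
  for (const m of lockfile.matchAll(key)) {
    if (!out[m[1]]) out[m[1]] = new Set();
    out[m[1]].add(m[2]);
  }
  return Object.fromEntries(Object.entries(out).map(([n, s]) => [n, [...s].sort()]));
}

// Returns one message per lockfile entry that escapes its override; an empty
// array means the override is fully in effect.
function auditOverrides(pkgJson, lockfile) {
  const found = resolvedVersions(lockfile);
  const overrides = (pkgJson.pnpm && pkgJson.pnpm.overrides) || {};
  const violations = [];
  for (const [key, range] of Object.entries(overrides)) {
    // Override keys may carry a selector ("pkg@^1"); keep only the name.
    const name = key.startsWith("@") ? "@" + key.slice(1).split("@")[0] : key.split("@")[0];
    for (const version of found[name] || []) {
      if (!satisfies(version, range)) {
        violations.push(`${name}@${version} is outside override "${range}"`);
      }
    }
  }
  return violations;
}

console.log(auditOverrides(PACKAGE_JSON, LOCKFILE_BEFORE)); // two brace-expansion violations
console.log(auditOverrides(PACKAGE_JSON, LOCKFILE_AFTER));  // []
```

Run against the real pnpm-lock.yaml, a non-empty result means the override was added to package.json without the lockfile being re-resolved, or a nested package resolves the name from a different registry path. The flip side is worth keeping in mind for a major-version jump like this one: the override replaces copies that consumers requested as ^1 or ^2 as well, so a clean audit says nothing about API compatibility, which is why the PR's CI test run is part of the evidence rather than an afterthought.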

github-actions Bot commented Jun 8, 2026

🤖 Internal: Discord sync marker

Auto-managed by the Discord notification workflow. Stores the linked Discord message ID. Do not edit or delete.

Bump dependencies flagged by a security/SOC review to patched versions.

Fixes rocketride-org#1159
ksaurabhAparavi force-pushed the chore/RR-1159-soc-dependency-bumps branch from c9fedac to 56d8d35 on June 8, 2026 11:51
ksaurabhAparavi changed the title from "fix SOC vulnerabilities (#16)" to "chore(deps): update dependencies flagged by security scan" on Jun 8, 2026

Development

Successfully merging this pull request may close these issues.

Update npm dependencies flagged by security scan

1 participant