fix: resolve dependabot security alerts (#681)

* fix: resolve dependabot security alerts

Add yarn resolutions and npm overrides to force patched versions of
vulnerable transitive dependencies:

- uuid >=14.0.0 (MEDIUM)
- brace-expansion >=1.1.13 (MEDIUM)
- follow-redirects >=1.16.0 (MEDIUM)
- lodash >=4.18.0 (HIGH+MEDIUM)
- path-to-regexp >=0.1.13 (HIGH)
- serialize-javascript >=7.0.5 (HIGH+MEDIUM)
- node-forge >=1.4.0 (HIGH x6)
- picomatch >=2.3.2 (HIGH+MEDIUM)
- qs >=6.14.2 (LOW+MEDIUM)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: pin path-to-regexp to ^0.1.13 to preserve API compatibility

>=0.1.13 resolved to v8.x which has a breaking API change (no default
function export). Docusaurus/react-router requires the v0.1.x API,
so pin to ^0.1.13 which gets the security fix while staying compatible.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: aa-replicated

package-lock.json

@@ -53,6 +53,26 @@
     "node": ">=24.0"
   },
   "resolutions": {
-    "webpack-dev-server": ">=5.2.1"
+    "webpack-dev-server": ">=5.2.1",
+    "uuid": ">=14.0.0",
+    "brace-expansion": ">=1.1.13",
+    "follow-redirects": ">=1.16.0",
+    "lodash": ">=4.18.0",
+    "path-to-regexp": "^0.1.13",
+    "serialize-javascript": ">=7.0.5",
+    "node-forge": ">=1.4.0",
+    "picomatch": ">=2.3.2",
+    "qs": ">=6.14.2"
+  },
+  "overrides": {
+    "uuid": ">=14.0.0",
+    "brace-expansion": ">=1.1.13",
+    "follow-redirects": ">=1.16.0",
+    "lodash": ">=4.18.0",
+    "path-to-regexp": "^0.1.13",
+    "serialize-javascript": ">=7.0.5",
+    "node-forge": ">=1.4.0",
+    "picomatch": ">=2.3.2",
+    "qs": ">=6.14.2"
   }
 }