fix: resolve npm security vulnerabilities (qs, babel)

[TimeToBuildBob]

Summary

• Run npm audit fix to resolve security vulnerabilities that were causing Dependabot CI failures
• Fixes qs <=6.14.1 (arrayLimit bypass DoS vulnerabilities)
• Fixes @babel/helpers and @babel/runtime <7.26.10 (ReDoS)

Context

Dependabot was failing with security_update_not_possible for the qs package because the lockfile was out of sync. Running npm audit fix resolves this and several other moderate/high severity issues.

Test plan

• Verify npm audit no longer reports qs vulnerability
• Verify existing tests still pass

[ellipsis-dev]

Skipped PR review on 874da12 because no changed files had a supported extension. If you think this was in error, please contact us and we'll fix it right away.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.20%. Comparing base (0cc1e2f) to head (874da12).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #762   +/-   ##
=======================================
  Coverage   26.20%   26.20%           
=======================================
  Files          29       29           
  Lines        1706     1706           
  Branches      311      311           
=======================================
  Hits          447      447           
  Misses       1195     1195           
  Partials       64       64           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[TimeToBuildBob]

@greptileai review

[greptile-apps]

Greptile Summary

This PR updates package-lock.json via npm audit fix to resolve security vulnerabilities. Key changes include:

• qs updated from <=6.14.1 to 6.15.0 (resolves arrayLimit bypass DoS vulnerability)
• @babel/helpers updated from 7.25.0 to 7.28.6 (resolves ReDoS vulnerability, requires >=7.26.10)
• @babel/runtime updated from 7.23.2 to 7.28.6 (resolves ReDoS vulnerability, requires >=7.26.10)
• Various other Babel-related packages updated to compatible versions
• Transitive dependencies updated including jsesc (v2→v3), commander (v4→v6), and others

All updated packages are dev dependencies or transitive dependencies. No changes to package.json means the direct dependency constraints remain unchanged, which is correct for npm audit fix.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The changes are automated security updates via npm audit fix, which only updates the lockfile to resolve known vulnerabilities. All critical security issues mentioned in the PR description (qs DoS and Babel ReDoS) are properly addressed with updated versions. No breaking changes to direct dependencies or application code.
• No files require special attention

Important Files Changed

Filename	Overview
package-lock.json	Updated dependency versions via npm audit fix to resolve security vulnerabilities in qs, @babel/helpers, and @babel/runtime

_{Last reviewed commit: 874da12}

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}