
fix(ci): patch vibecoder high severity npm deps #5

Merged: Nadav011 merged 1 commit into master from fix/vibecoder-trivy on Mar 29, 2026

@Nadav011
Owner

Summary

  • refresh the lockfile with safe npm audit fixes for current HIGH findings on main
  • reduce current Trivy output to a single moderate brace-expansion issue
  • keep app code unchanged in this follow-up; this is dependency remediation only

Verification

  • npm audit --json
  • npm run lint
  • npm run typecheck
  • EXPO_PUBLIC_SUPABASE_URL=https://placeholder.supabase.co EXPO_PUBLIC_SUPABASE_ANON_KEY=placeholder npm run build

Copilot AI review requested due to automatic review settings March 29, 2026 13:54
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.


Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.



@coderabbitai

coderabbitai bot commented Mar 29, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 04fd9eae-f9ae-486b-82b5-88cac58f7fe6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@Nadav011 Nadav011 merged commit 2517efe into master Mar 29, 2026
7 of 8 checks passed