fix(deps): patch npm dependency vulnerabilities

Update picomatch (2.3.1→2.3.2, 4.0.3→4.0.4), yaml (1.10.2→1.10.3),
diff (→8.0.4), and rollup (→4.60.0) to address CVE-2026-33671,
CVE-2026-33672, CVE-2026-33532, CVE-2026-27606, and GHSA-73rr-hh4g-fpgx.

Also fix lefthook biome glob to exclude lockfiles, which caused false
failures when only lockfiles were staged.

Author: vredchenko

claude-code/smartem-frontend/skills/playwright/package-lock.json

@@ -6,7 +6,8 @@ pre-commit:
   commands:
     biome:
       root: webui/
-      glob: "*.{ts,tsx,js,jsx,json}"
+      glob: "*.{ts,tsx,js,jsx,json,jsonc}"
+      exclude: "*lock*"
       run: npx @biomejs/biome check --write {staged_files}
       stage_fixed: true
     prettier: