fix(deps): patch transitive CVEs via overrides

- handlebars 4.7.8 -> 4.7.9 (CVE-2026-33916 thru CVE-2026-33941)
- flatted 3.3.4 -> 3.4.2 (CVE-2026-32141, CVE-2026-33228)
- minimatch 10.2.4 -> 10.2.5 to pull brace-expansion 5.0.5 (CVE-2026-33750)
- brace-expansion 1.1.12 -> 1.1.13 (CVE-2026-33750)
- lodash-es 4.17.23 -> 4.18.1 (CVE-2026-2950, CVE-2026-4800)
- path-to-regexp 0.1.12 -> 0.1.13 (CVE-2026-4867)
- picomatch 4.0.3 -> 4.0.4 (CVE-2026-33672, CVE-2026-33671)
- yaml 2.8.2 -> 2.8.3 (CVE-2026-33532)

Author: tokio-on-jupiter

package-lock.json

@@ -50,7 +50,7 @@
     "prettier": "^3.2.5",
     "ts-jest": "^29.1.1",
     "typescript": "^5.5.2",
-    "minimatch": "10.2.4"
+    "minimatch": "10.2.5"
   },
   "optionalDependencies": {
     "@nx/nx-darwin-arm64": "22.5.3",
@@ -59,7 +59,14 @@
     "@nx/nx-win32-x64-msvc": "22.5.3"
   },
   "overrides": {
-    "minimatch": "$minimatch"
+    "minimatch": "$minimatch",
+    "handlebars": "4.7.9",
+    "flatted": "3.4.2",
+    "brace-expansion@^1": "1.1.13",
+    "lodash-es": "4.18.1",
+    "path-to-regexp@<1": "0.1.13",
+    "picomatch": "4.0.4",
+    "yaml@^2": "2.8.3"
   },
   "resolutions": {
     "@types/node": "^18"