fix(deps): resolve npm security advisories (#42)

## Summary

This updates direct and transitive dependencies to clear current npm /
Dependabot security findings (LangChain serialization issue, MCP SDK
advisories, ESLint plugin-kit ReDoS, minimatch ReDoS, tar extraction
issues, and related transitive upgrades via `npm audit fix`).

## Dependency changes

- `@langchain/core` 1.0.1 → 1.1.38; `@langchain/openai` 1.0.0 → 1.4.1;
`@langchain/textsplitters` 1.0.0 → 1.0.1
- `@modelcontextprotocol/sdk` 1.20.0 → 1.29.0
- `minimatch` 10.0.1 → 10.2.5; `tar` `^7.4.3` → `^7.5.11`
- `eslint` / `@eslint/js` 9.23.0 → 9.39.4

## Verification

- `npm audit`: 0 vulnerabilities
- `npm test`: all tests passed locally
- `npm run check` / build: passed via `prepare` on install

## Notes

Review [MCP SDK release
notes](https://github.com/modelcontextprotocol/typescript-sdk) for any
behavioral changes (e.g. transport/DNS-related defaults) when upgrading
from 1.20 to 1.29.

Author: sp3nx0r

.github/workflows/cd.yml

@@ -29,6 +29,8 @@ jobs:
 
       - name: Install deps
         run: npm ci
+        env:
+          NPM_CONFIG_REGISTRY: https://registry.npmjs.org/
 
       - name: Build
         run: npm run build

.github/workflows/ci.yml

@@ -21,6 +21,8 @@ jobs:
 
       - name: Install deps
         run: npm ci
+        env:
+          NPM_CONFIG_REGISTRY: https://registry.npmjs.org/
 
       - name: Build
         run: npm run build

.github/workflows/generate-artifacts.yml

@@ -30,6 +30,8 @@ jobs:
 
       - name: Install dependencies
         run: npm ci
+        env:
+          NPM_CONFIG_REGISTRY: https://registry.npmjs.org/
 
       - name: Get current date
         id: date

.npmrc

@@ -0,0 +1 @@
+registry=https://registry.npmjs.org/