fix: resolve critical and high severity npm vulnerabilities (#101)

* fix: resolve critical and high severity npm vulnerabilities

Update indirect dependencies via npm audit fix to address:
- axios <=1.14.0: critical SSRF via NO_PROXY bypass and header injection (GHSA-3p68-rc4w-qgx5, GHSA-fvcv-3m26-pcqx)
- handlebars <=4.7.8: critical/high JS injection and prototype pollution (multiple CVEs)
- basic-ftp <=5.2.1: high CRLF injection / FTP command injection (GHSA-6v7q-wjvx-w8wg, GHSA-chqc-8p9q-pq6q)
- lodash <=4.17.23: high code injection and prototype pollution (GHSA-r5fr-rjxr-66jc, GHSA-f23m-r3pf-42rh)
- path-to-regexp 8.0.0-8.3.0: high ReDoS (GHSA-j3q9-mxjg-w52f, GHSA-27v5-c462-wpq7)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(tests): replace fail() with throw for Jest 30 compatibility

fail() was removed in Jest 27+; replace with throw so errors surface correctly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: aa-replicated

package-lock.json

@@ -30,7 +30,7 @@ describe("Archive Customer", () => {
         expect(true).toEqual(true);
       })
       .catch(err => {
-        fail(err);
+        throw err;
       });
   });
 });

src/customers.spec.ts

@@ -45,7 +45,7 @@ describe("Promote Release", () => {
         expect(true).toEqual(true);
       })
       .catch(err => {
-        fail(err);
+        throw err;
       });
   });
 });
@@ -75,7 +75,7 @@ describe("Report Results", () => {
         expect(true).toEqual(true);
       })
       .catch(err => {
-        fail(err);
+        throw err;
       });
   });
 });
@@ -112,7 +112,7 @@ describe("Get Release", () => {
         expect(true).toEqual(true);
       })
       .catch(err => {
-        fail(err);
+        throw err;
       });
   });
 });