chore(deps): bump vulnerable transitive dependencies (#1092)

* chore(deps): bump vulnerable transitive dependencies via resolutions

Add yarn resolutions to upgrade path-to-regexp (^8.4.0), picomatch v4
(^4.0.4), and fast-xml-parser (^5.5.6) to patched versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore(deps): bump @aws-sdk/credential-providers, drop fast-xml-parser resolution

Bump @aws-sdk/credential-providers from ^3.1000.0 to ^3.1023.0, which
pulls in @aws-sdk/xml-builder@3.972.16 with fast-xml-parser@5.5.8
(patched). This removes the need for a fast-xml-parser resolution override.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: brendan-kellam

package.json

@@ -37,6 +37,8 @@
         "node-gyp/glob": "^10.5.0",
         "sucrase/glob": "^10.5.0",
         "rimraf@npm:5.0.10/glob": "^10.5.0",
-        "@opentelemetry/resources": "2.5.1"
+        "@opentelemetry/resources": "2.5.1",
+        "path-to-regexp": "^8.4.0",
+        "picomatch@^4": "^4.0.4"
     }
 }

packages/web/package.json

@@ -26,7 +26,7 @@
     "@ai-sdk/react": "^3.0.107",
     "@ai-sdk/xai": "^3.0.60",
     "@auth/prisma-adapter": "^2.11.1",
-    "@aws-sdk/credential-providers": "^3.1000.0",
+    "@aws-sdk/credential-providers": "^3.1023.0",
     "@codemirror/commands": "^6.6.0",
     "@codemirror/lang-cpp": "^6.0.2",
     "@codemirror/lang-css": "^6.3.0",