chore: upgrade @babel/core to ^7.29.6 to address CVE-2026-49356 (#1333)

* chore: upgrade @babel/core to ^7.29.6 to address CVE-2026-49356

Refreshed the yarn.lock so all transitive @babel/core instances resolve to
7.29.7 (>= 7.29.6), fixing the arbitrary file read via sourceMappingURL comment.

Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1357/sourcebot-devsourcebot-cve-2026-49356-babelcore-arbitrary-file-read#agent-session-c9dbdeec)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>

* docs: add CHANGELOG entry for @babel/core upgrade

Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1357/sourcebot-devsourcebot-cve-2026-49356-babelcore-arbitrary-file-read#agent-session-c9dbdeec)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>

---------

Co-authored-by: Brendan Kellam <10233483+brendan-kellam@users.noreply.github.com>
Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>

Author: brendan-kellam

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Upgraded `@grpc/grpc-js` to `^1.14.4`. [#1315](https://github.com/sourcebot-dev/sourcebot/pull/1315)
 - Upgraded `vite` to `^8.0.16`. [#1313](https://github.com/sourcebot-dev/sourcebot/pull/1313)
+- Upgraded `@babel/core` to `^7.29.6`. [#1333](https://github.com/sourcebot-dev/sourcebot/pull/1333)
 - Upgraded `markdown-it` to `^14.2.0`. [#1321](https://github.com/sourcebot-dev/sourcebot/pull/1321)
 - Upgraded `form-data` to `^4.0.6`. [#1316](https://github.com/sourcebot-dev/sourcebot/pull/1316)
 - Upgraded `hono` to `^4.12.25`. [#1322](https://github.com/sourcebot-dev/sourcebot/pull/1322)