Fix npm audit vulnerabilities (#157)

[Created by Copilot on behalf of @bghgary]

Fix npm audit vulnerabilities in the test project.

## Changes

- **`package-lock.json`**: Updated by `npm audit fix` for all
non-breaking vulnerability fixes (ajv, brace-expansion, diff, glob,
js-yaml, minimatch, picomatch, webpack).

Before: 11 vulnerabilities (2 low, 3 moderate, 6 high)
After: 2 vulnerabilities (2 high — both from mocha's
`serialize-javascript` dependency, not exploitable in this context since
it's only used for test bundling)

Supersedes #134.

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: bghgary