chore(deps): update @isaacs/brace-expansion to 5.0.1 [security]

[hisasami]

Summary

• Override @isaacs/brace-expansion to 5.0.1 to fix CVE-2026-25547 (DoS via unbounded brace range expansion)
• Resolves Dependabot alert chore(rest-api-client): move api client script to examples #177

Details

• @isaacs/brace-expansion is a transitive dev dependency (via minimatch used by eslint-plugin-import-x, glob, rimraf)
• Dependabot cannot update this automatically because it is an indirect dependency
• Added pnpm.overrides in package.json to pin to 5.0.1

Test plan

• Verify pnpm install completes without errors
• Verify pnpm build and pnpm test pass
• Verify that the REST API client functions within a browser (UMD file)
• Verify Dependabot alert chore(rest-api-client): move api client script to examples #177 is resolved after merge

🤖 Generated with Claude Code

[hisasami]

Investigation Summary for Dependabot Alert #177 (CVE-2026-25547)

@isaacs/brace-expansion is only used as a transitive dev dependency (via minimatch, used by
eslint-plugin-import-x, glob, and rimraf). It is not included in any production builds or published packages.

This vulnerability does not affect the functionality of our packages or end users. The fix is a pnpm.overrides pin to version 5.0.1.