fix security vulnerabilities flagged by Dependabot #190

Merged
mcharytoniuk merged 1 commit into main from fix/dependabot-security-alerts
Mar 14, 2026

Conversation

@mcharytoniuk (Contributor)

Summary

  • Update actix-web-lab from 0.24 to 0.26 (fixes host header poisoning in redirect middleware)
  • Update lodash from ^4.17.21 to ^4.17.23 (fixes prototype pollution in _.unset/_.omit)
  • Update jarmuz from ^0.4.0 to ^0.10.0 (drops vulnerable yauzl via @vscode/ripgrep removal)
  • Transitive dependency updates via lockfile regeneration: tar 7.4.3→7.5.11, minimatch to patched versions, flatted to ≥3.4.0, ajv to patched versions

Test plan

  • cargo check passes
  • cargo clippy -- -D warnings passes
  • cargo test — all 140 tests pass
  • npm audit — 0 vulnerabilities
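
The first bullet above refers to a redirect middleware that built its Location URL from the request's Host header, so a client-controlled Host ends up as the redirect destination. The following Rust block is an added example, not code from this repository or from actix-web-lab: it shows the trusting pattern beside two hardened forms (an allowlist with a canonical-host fallback, and a relative Location that trusts no host at all). The `Request` and `RedirectConfig` types, `example_config`, and the host names are illustrative assumptions.

```rust
use std::collections::HashSet;

/// Minimal stand-in for an HTTP request: only the fields this example reads.
/// Assumed type for illustration, not actix-web's request type.
pub struct Request<'a> {
    pub host_header: Option<&'a str>,
    pub path_and_query: &'a str,
}

/// Vulnerable pattern: the absolute redirect target is assembled from the
/// client-supplied Host header. A request carrying `Host: evil.example`
/// produces `Location: https://evil.example/...`, sending the client off-site
/// (and, if a cache stores the response, poisoning it for other users).
pub fn redirect_location_trusting_host(req: &Request<'_>) -> String {
    let host = req.host_header.unwrap_or("localhost");
    format!("https://{}{}", host, req.path_and_query)
}

/// Hosts the application is actually served under. Assumed configuration.
pub struct RedirectConfig {
    pub canonical_host: String,
    pub allowed_hosts: HashSet<String>,
}

/// Constructed sample configuration for the demonstration below.
pub fn example_config() -> RedirectConfig {
    let allowed_hosts: HashSet<String> = ["app.example", "app.example:8443"]
        .iter()
        .map(|h| h.to_string())
        .collect();
    RedirectConfig {
        canonical_host: "app.example".to_string(),
        allowed_hosts,
    }
}

/// Returns the path unless it could change the URL's authority: a leading
/// "//" (scheme-relative URL) or "/\" (browsers treat the backslash as a
/// slash) would resolve to another host, so both collapse to "/".
fn safe_path(path: &str) -> &str {
    if path.starts_with('/') && !path.starts_with("//") && !path.starts_with("/\\") {
        path
    } else {
        "/"
    }
}

/// Hardened pattern: Host is accepted only if it matches the allowlist exactly
/// (after ASCII lowercasing, since hostnames are case-insensitive); anything
/// else falls back to the configured canonical host instead of being echoed.
/// The path is forced to start with '/', because a value such as
/// "@evil.example" would otherwise turn the canonical host into the userinfo
/// part of "https://app.example@evil.example".
pub fn redirect_location_validated(cfg: &RedirectConfig, req: &Request<'_>) -> String {
    let host = req
        .host_header
        .map(|h| h.trim().to_ascii_lowercase())
        .filter(|h| cfg.allowed_hosts.contains(h))
        .unwrap_or_else(|| cfg.canonical_host.clone());
    format!("https://{}{}", host, safe_path(req.path_and_query))
}

/// Simplest hardened alternative: emit a relative Location and let the client
/// resolve it against the origin it actually connected to. RFC 7231 allows a
/// relative reference in Location, so no host header needs to be trusted.
pub fn redirect_location_relative(req: &Request<'_>) -> String {
    safe_path(req.path_and_query).to_string()
}

fn main() {
    let cfg = example_config();
    // Constructed sample requests: a legitimate host, a spoofed one, and none.
    for host in [Some("app.example"), Some("EVIL.example"), None] {
        let req = Request { host_header: host, path_and_query: "/login?next=%2F" };
        println!(
            "Host {:?}\n  trusting : {}\n  validated: {}\n  relative : {}",
            host,
            redirect_location_trusting_host(&req),
            redirect_location_validated(&cfg, &req),
            redirect_location_relative(&req)
        );
    }
}
```

The allowlist must hold every host:port form the service is reachable under, or legitimate traffic falls back to the canonical host; the relative form avoids that maintenance entirely, at the cost of not being usable where an absolute URL is required (for example behind some proxies that rewrite Location).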

Copilot AI review requested due to automatic review settings March 14, 2026 14:29
Copilot AI (Contributor) left a comment

Pull request overview

Updates project dependencies across the Node tooling and Rust workspace to newer versions, primarily by bumping jarmuz/lodash and actix-web-lab, with corresponding lockfile updates.

Changes:

  • Bump Node devDependencies: jarmuz to ^0.10.0 and lodash to ^4.17.23.
  • Refresh package-lock.json to reflect updated Node dependency graph (notably glob/minimatch/tar chain changes).
  • Bump Rust workspace dependency actix-web-lab to 0.26 and update Cargo.lock accordingly.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

File              | Description
package.json      | Updates Node devDependency versions (jarmuz, lodash).
package-lock.json | Lockfile refresh reflecting new Node dependency tree and versions.
Cargo.toml        | Bumps Rust dependency actix-web-lab to 0.26 in workspace deps.
Cargo.lock        | Lockfile updates for actix-web-lab and transitive Rust deps.


@mcharytoniuk mcharytoniuk merged commit 11d0747 into main Mar 14, 2026
10 checks passed
@mcharytoniuk mcharytoniuk deleted the fix/dependabot-security-alerts branch March 14, 2026 14:58