fix(security): upgrade path-to-regexp and remove stale resolutions

[PMerlet]

Upgrade path-to-regexp 8.3.0 → 8.4.1 to fix ReDoS vulnerabilities in production (mcp-server > express > router > path-to-regexp).

Remove 3 stale yarn resolutions that are no longer effective:

• lerna/js-yaml and @lerna/create/js-yaml (ineffective, caused warnings)
• lerna/**/glob (lerna deps already use glob 13.x natively)

Definition of Done

General

• Write an explicit title for the Pull Request, following Conventional Commits specification
• Test manually the implemented changes
• Validate the code quality (indentation, syntax, style, simplicity, readability)

Security

• Consider the security impact of the changes made

Note

Upgrade path-to-regexp and remove stale yarn resolutions

Removes stale resolution overrides for lerna/**/glob, lerna/js-yaml, and @lerna/create/js-yaml from package.json, retaining only the qs resolution. The yarn.lock is updated accordingly as part of the dependency upgrade.

^{Macroscope summarized 6b73818.}

[qltysh]

Coverage Impact

This PR will not change total coverage.

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.