chore: resolve dependabot security alerts #192

Merged

MarshallOfSound merged 1 commit into main from sam/dependabot-fixes-2026-04 on Apr 4, 2026

Conversation

@MarshallOfSound (Member)

Safe-only sweep of open Dependabot security alerts. All changes are lockfile-only (yarn up -R within existing semver ranges) — no package.json edits and no resolutions entries.

Resolved

| Package | Strategy | Version change |
| --- | --- | --- |
| brace-expansion | yarn up -R | 2.0.1 → 2.0.3 |
| picomatch | yarn up -R | 4.0.3 → 4.0.4 |
| minimatch (v3) | yarn up -R | 3.1.2 → 3.1.5 |
| minimatch (v9) | yarn up -R | 9.0.5 → 9.0.9 |
| minimatch (v10) | yarn up -R | 10.0.1 → 10.2.4 |
| minimatch (~3.0.3 pin) | yarn up -R @microsoft/api-extractor | removed (api-extractor 7.57.7 pins minimatch@10.2.3) |
| glob (v10) | yarn up -R | 10.4.5 → 10.5.0 |
| glob (v11) | yarn up -R | 11.0.2 → 11.1.0 |
| @microsoft/api-extractor | yarn up -R (parent refresh) | 7.52.8 → 7.57.7 |

Resolves 10 of 12 open alerts.

Flagged (not changed)

| Package | Reason |
| --- | --- |
| lodash (2 alerts, via @microsoft/api-extractor) | Patched version 4.18.0 was published 2026-03-31 and is blocked by npmMinimalAgeGate: 10080; the parent also pins ~4.17.x. Revisit once the age gate window passes and api-extractor@>=7.58.1 (which depends on ~4.18.1) clears the gate. |

Notes

  • yarn install --immutable passes.
  • The existing @types/node peer warning predates this change.
  • This was a safe-only sweep — no major bumps of direct deps, no resolutions overrides, no code changes.
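The lodash item above is held back by a 10080-minute (7-day) `npmMinimalAgeGate`. The following added example (not part of the PR or the project) shows how such a gate decides which published version is eligible, using the 4.18.0 publish date cited in the PR; the timestamp for 4.17.21 is a constructed placeholder, and the `time_map` shape mirrors the npm registry's per-version `time` field.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of a registry "time" map (version -> publish timestamp).
# The 4.18.0 date is the one cited in the PR; 4.17.21's date is a placeholder.
SAMPLE_TIME = {
    "4.17.21": "2021-02-20T00:00:00.000Z",
    "4.18.0": "2026-03-31T00:00:00.000Z",
}

GATE_MINUTES = 10080  # npmMinimalAgeGate value from the PR: 7 days


def parse_version(v):
    """Numeric tuple so that 4.18.0 sorts after 4.17.21 (no prerelease handling)."""
    return tuple(int(p) for p in v.split("."))


def parse_time(ts):
    """Registry timestamps are ISO 8601 with a trailing Z; make them tz-aware."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def clears_gate(published, now, gate_minutes=GATE_MINUTES):
    """A version is eligible once it has been public for at least the gate window."""
    return now - published >= timedelta(minutes=gate_minutes)


def newest_eligible(time_map, now, gate_minutes=GATE_MINUTES):
    """Newest version old enough to pass the gate, or None if nothing qualifies."""
    eligible = [
        v for v, ts in time_map.items()
        if clears_gate(parse_time(ts), now, gate_minutes)
    ]
    return max(eligible, key=parse_version, default=None)


def gate_clears_at(time_map, version, gate_minutes=GATE_MINUTES):
    """Earliest instant at which the given version passes the gate."""
    return parse_time(time_map[version]) + timedelta(minutes=gate_minutes)


if __name__ == "__main__":
    merge_time = datetime(2026, 4, 4, 9, 5, tzinfo=timezone.utc)
    print("eligible at merge:", newest_eligible(SAMPLE_TIME, merge_time))
    print("4.18.0 clears gate at:", gate_clears_at(SAMPLE_TIME, "4.18.0").isoformat())
```

At the PR's merge time the gate still selects 4.17.21; 4.18.0 becomes eligible seven days after its publish date.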

@socket-security

Review the following changes in direct dependencies.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | @microsoft/api-extractor@7.52.8 ⏵ 7.57.7 | 94 (-2) | 100 | 89 (+1) | 96 | 100 |

@MarshallOfSound MarshallOfSound marked this pull request as ready for review April 4, 2026 09:05
@MarshallOfSound MarshallOfSound requested a review from a team as a code owner April 4, 2026 09:05
@MarshallOfSound MarshallOfSound merged commit bd90c7a into main Apr 4, 2026
10 checks passed
@MarshallOfSound MarshallOfSound deleted the sam/dependabot-fixes-2026-04 branch April 4, 2026 18:07
@electron-npm-package-publisher

🎉 This PR is included in version 2.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
