chore(deps): refresh lockfiles to pull in-range security patches (#2744)

Regenerate root and example lockfiles so transitive dependencies resolve
to their highest in-range (patched) versions, clearing Dependabot alerts
for ws, minimatch (3/8/9/10.x), picomatch (2/4.x), node-forge,
@xmldom/xmldom, flatted, js-yaml 4.x, @isaacs/brace-expansion and @babel/core.

All are dev / example transitive dependencies; none are runtime
dependencies of the published package (which ships only `lib`).

js-yaml 3.x and uuid 7.x are not bumped: their parents pin a major below
the patched release, so they can't be upgraded without breaking them.

Author: kesha-antonov