ci: add path-to-regexp override for CVE-2026-4867

Override path-to-regexp to ^0.1.13 to fix ReDoS vulnerability.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: pranavjain97

package-lock.json

@@ -141,6 +141,7 @@
     "serialize-javascript": "^7.0.3",
     "@isaacs/brace-expansion": "^5.0.1",
     "underscore": "^1.13.8",
+    "path-to-regexp": "^0.1.13",
     "tough-cookie": "^4.1.3",
     "validator": "^13.15.22",
     "node-forge": "^1.3.2",