chore(deps): bump e2e fixture manifests

Closes the three open Dependabot PRs against the e2e test fixtures
used by the Socket scan / reachability validation suite:

- tests/e2e/fixtures/simple-npm:  axios    1.15.0 -> 1.15.2  (closes #196)
- tests/e2e/fixtures/simple-pypi: requests 2.31.0 -> 2.33.0  (closes #187)
- tests/e2e/fixtures/simple-pypi: flask    3.0.0  -> 3.1.3   (closes #186)

These fixtures were stale rather than intentionally pinned, so it's
safe to bring them current. Socket Firewall verified install paths
for both manifests:
- npm fixture: 228 packages fetched clean
- pypi fixture: install path clean

Going forward, the new .github/dependabot.yml in this PR intentionally
excludes the tests/e2e/fixtures/** paths from auto-bumping -- fixture
pins should be chosen for the supply-chain signal they expose, not
auto-rolled.

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Author: lelia

tests/e2e/fixtures/simple-npm/package.json

@@ -6,7 +6,7 @@
   "dependencies": {
     "lodash": "4.18.1",
     "express": "4.22.0",
-    "axios": "1.15.0"
+    "axios": "1.15.2"
   },
   "devDependencies": {
     "typescript": "5.0.4",

tests/e2e/fixtures/simple-pypi/requirements.txt

@@ -1,3 +1,3 @@
-requests==2.31.0
-flask==3.0.0
+requests==2.33.0
+flask==3.1.3
 pyyaml==6.0.1