
chore(deps): Update npm packages to remediate security vulnerabilities#368

Open
shukrikhalid wants to merge 3 commits into databricks:main from shukrikhalid:update-packages

Conversation

@shukrikhalid

Summary

  • Updates project dependencies to newer compatible versions.
  • Refreshes lockfile entries to pull in patched transitive packages.
  • Remediates known vulnerabilities flagged by security scanning/audit.

Changes

  • Updated dependency versions in package.json and package-lock.json.
  • Pulled in patched transitive dependencies (including the proxy-agent/get-uri chain).
  • No intended functional/API changes to the SDK behavior.

Verification

  • Installed dependencies successfully.
  • Ran tests and lint checks.
  • Re-ran security audit and confirmed vulnerable packages were addressed.

Risk / Impact

  • Low-to-medium risk, limited to dependency resolution/runtime compatibility.
  • Main risk is transitive behavior changes from upstream packages.

Checklist

  • Dependency updates applied
  • Lockfile updated
  • Tests/lint passed
  • Security scan/audit reviewed

Copilot AI review requested due to automatic review settings May 6, 2026 03:15

Copilot AI left a comment


Pull request overview

This PR updates npm dependencies (and the lockfile) to address reported security vulnerabilities, with minor test adjustments to accommodate upstream type/API changes (notably openid-client).

Changes:

  • Bumped multiple runtime/dev dependency versions (e.g., openid-client, proxy-agent, thrift, lint/test tooling).
  • Updated OAuth unit tests to match updated openid-client typings/exports.
  • Added an npm overrides entry intended to force a patched transitive dependency version.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File: tests/unit/connection/auth/DatabricksOAuth/OAuthManager.test.ts
Description: Updates the Issuer test stub to include FAPI2Client for compatibility with newer openid-client types.

File: tests/unit/connection/auth/DatabricksOAuth/AuthorizationCode.test.ts
Description: Adjusts a test double injection for createHttpServer after dependency/type updates.

File: package.json
Description: Updates dependency versions and introduces an overrides rule for serialize-javascript.


Comment thread package.json
"lz4": "^0.6.5"
},
"overrides": {
"serialize-javascript": "^7.0.5"
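Review bot: the "overrides" entry for serialize-javascript applies to every copy of the package in the tree, not only the nested one under mocha that the audit output in this thread flags (node_modules/mocha/node_modules/serialize-javascript), so please confirm in package-lock.json that the nested entry actually resolved to 7.0.5 or later (for example with `npm ls serialize-javascript`) and that the mocha test run still passes against a major version its own declared range does not cover. A line in the PR description recording which advisories the override addresses (GHSA-5c6j-r48x-rmvq and GHSA-qj8w-gfj5-8c6v) would let a later maintainer remove it safely once mocha picks up a fixed range.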
Author

serialize-javascript <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - GHSA-qj8w-gfj5-8c6v
fix available via npm audit fix --force
Will install mocha@7.2.0, which is a breaking change
node_modules/mocha/node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha

2 high severity vulnerabilities
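The review above notes that the overrides entry is meant to force a patched transitive version, and the audit output shows why it matters: the vulnerable copy lives nested under mocha, not at the top level. The script below is an added example (not code from this PR or from the Databricks SDK) of how a reviewer can verify that an override actually took effect: it walks the "packages" map of a lockfile v2/v3 package-lock.json, which is keyed by install path, lists every installed copy of a package, and flags copies below a minimum patched version. The lockfile object, the package versions and the package name "example-sdk" are constructed for illustration and are not taken from the repository.

```javascript
// Added example, not part of the PR: check every installed copy of a package in a
// package-lock.json (lockfile v2/v3 "packages" map, keyed by install path) against
// a minimum patched version. Nested copies such as
// node_modules/<parent>/node_modules/<pkg> are exactly what an "overrides" entry
// is supposed to replace, so they are the ones worth inspecting.

// Constructed sample lockfile (hypothetical package "example-sdk"); the nested
// copy under mocha is deliberately left at an older version to show a failed override.
const SAMPLE_LOCK = {
  name: "example-sdk",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-sdk", devDependencies: { mocha: "^10.0.0" } },
    "node_modules/mocha": { version: "10.8.2", dependencies: { "serialize-javascript": "^6.0.0" } },
    "node_modules/mocha/node_modules/serialize-javascript": { version: "6.0.2" },
    "node_modules/serialize-javascript": { version: "7.0.5" },
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; a pre-release suffix such as
// "12.0.0-beta-2" is accepted and ignored for the comparison.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric three-part comparison: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i += 1) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every installed copy of `pkg` (top-level or nested), with a patched flag.
function findCopies(lock, pkg, minPatched) {
  const suffix = `node_modules/${pkg}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, entry]) => ({
      path,
      version: entry.version,
      patched: compareVersions(entry.version, minPatched) >= 0,
    }));
}

// Summary a reviewer can act on: all copies, plus the subset still below the fix version.
function lockfileReport(lock, pkg, minPatched) {
  const copies = findCopies(lock, pkg, minPatched);
  const unpatched = copies.filter((c) => !c.patched);
  return { pkg, minPatched, copies, unpatched, ok: unpatched.length === 0 };
}

// Stand-alone run against the constructed lockfile: with a real repository you would
// read package-lock.json from disk with fs.readFileSync and JSON.parse instead.
const report = lockfileReport(SAMPLE_LOCK, "serialize-javascript", "7.0.5");
console.log(JSON.stringify(report, null, 2));
```

Run after `npm install` (with the real lockfile substituted for the constructed one); an `ok: false` result means a nested copy is still resolving below the patched version and the override is not doing the work the PR description assumes.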

Comment thread tests/unit/connection/auth/DatabricksOAuth/AuthorizationCode.test.ts Outdated