
Jamesdemery/bb2 4552 update axios ajv brace expansion #90

Open

JamesDemeryNava wants to merge 2 commits into main from jamesdemery/bb2-4552-update-axios-ajv-brace-expansion

Conversation

@JamesDemeryNava

…api-extractor to address security vulnerabilities

JIRA Ticket:
BB2-4552

What Does This PR Do?

Updates a few packages (shown below) to address security vulnerabilities:

  • ajv (ensure at least 8.18.0 is used)
  • axios (ensure at least 1.13.6 is used)
  • @isaacs/brace-expansion (ensure at least 5.0.1 is used, if anything is shown. After updating @microsoft/api-extractor, @isaacs/brace-expansion no longer showed up in package-lock.json)

@microsoft/api-extractor was updated as well, as there were some high-risk vulnerabilities shown that were associated with that package. For that package, make sure at least 7.57.6 is used.

What Should Reviewers Watch For?

If you're reviewing this PR, please check for these things in particular:

Validation

  • Can you successfully build the sample-client with the updated sdk code and go through the authorize flow?
  • If you run the following from the project root (after removing package-lock.json and then running npm install), do you see the correct versions?
    • npm ls ajv (
    • npm ls axios (1.13.6)
    • npm ls @isaacs/brace-expansion (5.0.1, if anything is shown. After updating @microsoft/api-extractor, @isaacs/brace-expansion no longer showed up in package-lock.json)
    • npm ls @microsoft/api-extractor (7.57.6)
  • Run yarn test and make sure all tests pass

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

  • Adds any new software dependencies
  • Modifies any security controls
  • Adds new transmission or storage of data
  • Any other changes that could possibly affect security?
  • Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team security engineer's approval.
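The validation steps above amount to "run `npm ls` for each package and eyeball the version". The script below is an added example, not code from this PR or the project: it walks the JSON tree that `npm ls --all --json` emits and reports every copy of the listed packages that sits below the minimum the PR calls for. The point it adds over a manual `npm ls` is that a transitive dependency can still pull in an old copy nested under its own node_modules, and that copy is what the vulnerability report keys on, so every instance has to be checked, not just the top-level one. The `MINIMUMS` table mirrors the versions in the PR description; the `npm ls` output is a constructed sample, not real output from this repository, and the version comparison is a plain major.minor.patch compare (prerelease tags are ignored), which is an assumption for the example, not full semver.

```javascript
// Added example (not part of the PR or the project's code): check every copy
// of a package in `npm ls --all --json` output against a minimum version.
// Assumptions for this example: the tree arrives as a JSON string; versions
// are compared on major.minor.patch only (prerelease suffixes are ignored).

// Minimum versions as stated in the PR description.
const MINIMUMS = {
  'ajv': '8.18.0',
  'axios': '1.13.6',
  '@isaacs/brace-expansion': '5.0.1',
  '@microsoft/api-extractor': '7.57.6',
};

// Parse "1.13.6" (or "v1.13.6-beta.1") into [1, 13, 6]; null if it is not a
// release-style version string.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric major/minor/patch comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Recursively walk the nested `dependencies` objects of the npm ls tree and
// collect every occurrence of the packages named in `names`, with the path
// of parents it was found under (so nested copies are attributable).
function collectInstances(node, names, path = [], out = []) {
  const deps = node.dependencies || {};
  for (const [name, child] of Object.entries(deps)) {
    const here = [...path, name];
    if (names.has(name) && child.version) {
      out.push({ name, version: child.version, path: here.join(' > ') });
    }
    collectInstances(child, names, here, out);
  }
  return out;
}

// Returns every instance that is below its minimum. An empty array means the
// tree is clean for all packages listed in `minimums`.
function findBelowMinimum(npmLsJson, minimums = MINIMUMS) {
  const tree = JSON.parse(npmLsJson);
  const names = new Set(Object.keys(minimums));
  return collectInstances(tree, names).filter(
    (inst) => compareVersions(inst.version, minimums[inst.name]) < 0,
  );
}

// Constructed sample of `npm ls --all --json` output (not real data from this
// repository). The direct axios/ajv copies satisfy the minimums, but a
// transitive dependency still carries an old ajv; `npm ls ajv` would list
// that copy indented under 'some-linter'.
const SAMPLE_NPM_LS = JSON.stringify({
  name: 'sample-client',
  version: '0.0.0',
  dependencies: {
    axios: { version: '1.13.6' },
    ajv: { version: '8.18.0' },
    'some-linter': {
      version: '2.0.0',
      dependencies: { ajv: { version: '6.12.6' } },
    },
    '@microsoft/api-extractor': { version: '7.57.6' },
  },
});

// Usage: report each offending copy with the path it was found under.
const VIOLATIONS = findBelowMinimum(SAMPLE_NPM_LS);
for (const v of VIOLATIONS) {
  console.log(`${v.path}: ${v.version} is below ${MINIMUMS[v.name]}`);
}
```

To use this against the real project, replace `SAMPLE_NPM_LS` with the output of `npm ls --all --json` run from the project root after the fresh `npm install`. A nested old copy reported here is exactly the case where `npm ls <pkg>` at the top level looks fine but the vulnerability report still lists the package, because the advisory matches the nested version.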


@sb-DarenDean sb-DarenDean left a comment


@JamesDemeryNava, this looks good to me. Once another engineer has reviewed and approved, I am GTG.

cc: @sb-benohe

3 participants