
fix(deps): fix security vulnerability in @modelcontextprotocol/sdk #11

Merged
yeshamavani merged 1 commit into master from GH-10
Mar 2, 2026

Conversation

@piyushsinghgaur1
Contributor

fix security vulnerability in @modelcontextprotocol/sdk

GH-10
@piyushsinghgaur1 piyushsinghgaur1 self-assigned this Feb 27, 2026
@sonarqubecloud

SonarQube reviewer guide

Summary: Updates package-lock.json with dependency upgrades across multiple LoopBack packages, supporting libraries, and development tools, including critical updates to loopback-datasource-juggler (v5→v6) and numerous minor version bumps.

Review Focus: This is a large dependency update with several important changes to monitor:

  • Major version bump of loopback-datasource-juggler (5.2.2 → 6.0.2+) affecting @loopback/repository and @loopback/service-proxy - verify compatibility with existing data layer code
  • Updates to @modelcontextprotocol/sdk and related packages (express, express-rate-limit) - test MCP integration thoroughly
  • Replacement of swagger-stats with swagger-stats-sf (0.99.7 → 0.99.9) - confirm monitoring/metrics functionality unchanged
  • Removal of @isaacs/balanced-match and @isaacs/brace-expansion in favor of standard brace-expansion - verify no breaking changes in glob patterns
  • Multiple minimatch version bumps across different dependency trees

Start review at: package-lock.json focusing on the @loopback/repository section and its dependency chain. This is critical because loopback-datasource-juggler's major version change is the most significant structural change in this update, and

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

@piyushsinghgaur1 piyushsinghgaur1 marked this pull request as ready for review February 27, 2026 09:10
@yeshamavani yeshamavani merged commit ba31d5f into master Mar 2, 2026
7 checks passed
@yeshamavani yeshamavani deleted the GH-10 branch March 2, 2026 06:50
@yeshamavani
Collaborator

🎉 This PR is included in version 1.0.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Development

Successfully merging this pull request may close these issues.

Security vulnerability in @modelcontextprotocol/sdk (CVE-2026-25536)

2 participants