Merge branch 'fix/security-vulnerabilities-feb-2026' into 'master'

fix(security): resolve CVE-2026-1615 (jsonpath/bfj) and CVE-2024-11831 (serialize-javascript)

Closes #680

See merge request postgres-ai/database-lab!1100

Author: agneum

ui/package.json

@@ -72,7 +72,8 @@
       "form-data@>=3.0.0 <3.0.4": ">=3.0.4",
       "form-data@<2.5.4": ">=2.5.4",
       "on-headers@<1.1.0": ">=1.1.0",
-      "tmp@<=0.2.3": ">=0.2.4"
+      "tmp@<=0.2.3": ">=0.2.4",
+      "bfj@<9.1.3": ">=9.1.3"
     }
   }
 }