
fix: bump yaml to 1.10.3 to address CVE-2026-33532 #11

Open
lfarrel6 wants to merge 1 commit into master from COM-126/patch-CVE-2026-33532

Conversation

@lfarrel6
Member

Linear Issue: COM-126

CVE Summary: CVE-2026-33532 | GHSA-48c2-rrv3-qjmp

The yaml npm package (versions ≥1.0.0, <1.10.3) performs unbounded recursive calls during its compose/resolve phase. An attacker supplying a deeply nested YAML document can exhaust the Node.js call stack and trigger a RangeError: Maximum call stack size exceeded.

CVSS Score: 4.3 (Medium)

SLA Deadline: 2026-05-26T09:41:26.272Z

Fixed in: yaml@1.10.3

Affected File: examples/react_admin/frontend/package-lock.json

Transitive Dependency Chain:

react-admin (direct dep)
  └─ @emotion/react@11.13.0
       └─ @emotion/babel-plugin@11.12.0
            └─ babel-plugin-macros@3.1.0
                 └─ cosmiconfig@7.1.0
                      └─ yaml@1.10.2 ← VULNERABLE

Remediation: Added npm overrides field to force yaml@1.10.3 resolution and regenerated lock file.

Exposure: Build-time only. No runtime or user-facing exposure. The vulnerability is confined to the development/build phase.

Dependabot Alert: https://github.com/evervault/sea-orm/security/dependabot/176
