chore(deps): resolve Dependabot security alerts across npm and python

Bump vulnerable transitive npm deps (postcss, vite, lodash, brace-expansion,
picomatch, yaml, @tootallnate/once, smol-toml, flatted, minimatch) via
range-based pnpm overrides. Bump python-sdk dev deps in poetry.lock
(pytest 9.0.3, pytest-asyncio 1.3.0, python-dotenv 1.2.2, pygments 2.20.0,
requests 2.33.1, black 26.3.1). Remove now-unused ty:ignore directives that
pytest 9's stricter type signatures made obsolete.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: mishushakov

package.json

@@ -29,7 +29,21 @@
   "pnpm": {
     "overrides": {
       "@next/eslint-plugin-next>glob@*": "10.5.0",
-      "rollup@>=4": ">=4.59.0"
+      "rollup@>=4": ">=4.59.0",
+      "postcss@<8.5.10": "^8.5.10",
+      "vite@>=6.0.0 <6.4.2": "^6.4.2",
+      "lodash@<4.18.0": "^4.18.0",
+      "brace-expansion@>=2.0.0 <2.0.3": "^2.0.3",
+      "picomatch@<2.3.2": "^2.3.2",
+      "picomatch@>=4.0.0 <4.0.4": "^4.0.4",
+      "yaml@>=2.0.0 <2.8.3": "^2.8.3",
+      "@tootallnate/once@<3.0.1": "^3.0.1",
+      "smol-toml@<1.6.1": "^1.6.1",
+      "flatted@<3.4.2": "^3.4.2",
+      "minimatch@<3.1.3": "^3.1.3",
+      "minimatch@>=5.0.0 <5.1.8": "^5.1.8",
+      "minimatch@>=9.0.0 <9.0.7": "^9.0.7",
+      "minimatch@>=10.0.0 <10.2.3": "^10.2.3"
     }
   }
 }