fix: upgrade brace-expansion to 5.0.5 to address CVE-2026-33750

Regenerate package-lock.json to resolve brace-expansion from 5.0.3 to
5.0.5, fixing Dependabot alert #20 (GHSA-f886-m6hf-6m8v).
Rebuild dist to include the patched dependency.

Co-Authored-By: David Konigsberg <davidakonigsberg@gmail.com>

Author: devin-ai-integration[bot]

dist/index.js

@@ -40261,7 +40261,7 @@ const slashPattern = /\\\\/g;
 const openPattern = /\\{/g;
 const closePattern = /\\}/g;
 const commaPattern = /\\,/g;
-const periodPattern = /\\./g;
+const periodPattern = /\\\./g;
 exports.EXPANSION_MAX = 100_000;
 function numeric(str) {
     return !isNaN(str) ? parseInt(str, 10) : str.charCodeAt(0);
@@ -40388,7 +40388,9 @@ function expand_(str, max, isTop) {
             const x = numeric(n[0]);
             const y = numeric(n[1]);
             const width = Math.max(n[0].length, n[1].length);
-            let incr = n.length === 3 && n[2] !== undefined ? Math.abs(numeric(n[2])) : 1;
+            let incr = n.length === 3 && n[2] !== undefined ?
+                Math.max(Math.abs(numeric(n[2])), 1)
+                : 1;
             let test = lte;
             const reverse = y < x;
             if (reverse) {