chore: update to glob v10.5.0 and js-yaml v4.1.1

[anderson-suga]

PR Checklist

• Addresses an existing open issue: fixes 🐛 Bug: mocha's runtime dependency glob is reported as vulnerable by npm audit #5534
• That issue was marked as status: accepting prs
• Steps in CONTRIBUTING.md were taken

Overview

This PR updates the following dependencies to patch security vulnerabilities:

• glob: upgraded to ^10.5.0
• js-yaml: upgraded to ^4.1.1

Motivation

These updates are required to resolve open CVEs found in the previous versions of these packages.

• glob: GHSA-5j98-mcp5-4vw2
• js-yaml: GHSA-mh29-5h37-fv8m

[pdeveltere]

let's get this merged asap 🙏🏽 ❤️

[mark-wiemer]

• For glob, "Library Safe: The core glob library API (glob(), globSync(), streams/iterators) is not affected", so this isn't necessary.
• For js-yaml, "All users who parse untrusted yaml documents may be impacted.". Mocha only parses YAML that the user provides to it, so there is no need for us to update.

I appreciate the lookout for security concerns, but unfortunately a lot of alerts are false positives. Please comment in the relevant issue if you think these changes are still necessary.