chore: fix dev dependency security vulnerabilities

Update eslint ecosystem to fix:
- @eslint/plugin-kit ReDoS (CVE in ConfigCommentParser)
- brace-expansion ReDoS
- js-yaml prototype pollution in merge

Updated versions:
- eslint: 9.13.0 → 9.39.1
- typescript-eslint: 8.11.0 → 8.48.1

Author: felixweinberger