security fixes

[aleks-pro]

1. package-lock.json added
2. npm install -> npm ci
3. vulnerable dependencies fixed

[Copilot]

Pull request overview

This PR implements security fixes by adding package-lock.json, switching from npm install to npm ci in CI/CD, and updating vulnerable dependencies (inquirer 6.2.0→^13.1.0, eslint 5.8.0→^9.39.2).

Key changes:

• Added package-lock.json with lockfileVersion 3
• Updated inquirer from 6.2.0 to ^13.1.0 (major version jump)
• Updated eslint from 5.8.0 to ^9.39.2 (dev dependency, major version jump)
• Changed repository URL from inikulin/publish-please to DevExpress/publish-please

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 2 comments.

File	Description
package.json	Updated inquirer and eslint to newer versions; updated repository URL
package-lock.json	Added new lockfile with all dependencies locked to specific versions
.gitignore	Removed package-lock.json exclusion to track it in version control
.github/workflows/publish.yml	Changed from npm install to npm ci for deterministic builds

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The inquirer package has been updated from version 6.2.0 to ^13.1.0, which is a major version jump (7 major versions). This change introduces significant breaking changes as inquirer version 13 requires Node.js version 20.12.0 or later (as seen in package-lock.json line 1901), but the package.json still specifies "node": ">=6.0.0" in the engines field. This mismatch will cause installation failures on older Node versions that are still technically supported according to package.json.

[Copilot]

The mute-stream dependency (used by inquirer 13.1.0) requires Node.js version 20.17.0 or 22.9.0 or later (line 4424 in package-lock.json), which is even more restrictive than inquirer's requirement. This further conflicts with the package.json engines field that specifies "node": ">=6.0.0".