Chore: resolve vulnerabilities in NPM dependencies #99

Merged: imrraaj merged 1 commit into develop from chore/dependabot-issues on Mar 19, 2026

@imrraaj imrraaj commented Mar 19, 2026

What

This PR fixes security vulnerabilities reported by Dependabot and npm audit by running npm audit fix.

Why

Fixes dependabot alerts

How

Testing Instructions

Screenshots

Additional Info

Checklist

  • I have read the Contribution Guidelines.
  • I have read the Development Guidelines.
  • My code is tested to the best of my abilities.
  • My code passes all lints (ESLint etc.).
  • My code has detailed inline documentation.
  • I have updated the project documentation as needed.

Copilot AI review requested due to automatic review settings March 19, 2026 06:02
Copilot AI left a comment

Pull request overview

This PR addresses Dependabot/npm audit reported vulnerabilities by updating transitive NPM dependencies and bumps the plugin patch version to reflect the security-related dependency updates.

Changes:

  • Updated package-lock.json to pull in non-vulnerable versions of transitive dependencies (e.g., fast-xml-parser, fast-xml-builder, flatted) and added path-expression-matcher.
  • Bumped plugin version from 1.1.2 to 1.1.3 across WordPress plugin metadata and constants.
  • Added a 1.1.3 entry to the changelog documenting the dependency updates.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package-lock.json | Updates resolved versions/integrities for vulnerable transitive packages and introduces path-expression-matcher as a new transitive dependency. |
| oneupdate.php | Bumps plugin header version and ONEUPDATE_VERSION constant to 1.1.3. |
| readme.txt | Updates WordPress “Stable tag” to 1.1.3 to match the plugin version. |
| CHANGELOG.md | Adds 1.1.3 release notes for the vulnerability-driven dependency updates. |

@imrraaj imrraaj self-assigned this Mar 19, 2026
@imrraaj imrraaj requested a review from up1512001 March 19, 2026 09:10
@imrraaj imrraaj merged commit 836ea82 into develop Mar 19, 2026
13 checks passed
@imrraaj imrraaj deleted the chore/dependabot-issues branch March 19, 2026 12:21
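
Added example, not part of this PR or the project's code: a lockfile diff that a reviewer can run on the package-lock.json before and after `npm audit fix`. It reports newly introduced transitive packages (such as path-expression-matcher in the review summary above), version changes, and entries whose integrity hash changed without a version change. The function name, all versions and all integrity strings are constructed placeholders, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Added example (not from the PR): diff the "packages" maps of two
// package-lock.json files (lockfileVersion 2 or 3) for review.
function diffLockfiles(before, after) {
  const oldPkgs = before.packages || {};
  const newPkgs = after.packages || {};
  const report = { added: [], removed: [], versionChanged: [], integrityOnly: [] };
  for (const [path, entry] of Object.entries(newPkgs)) {
    if (path === "") continue; // "" is the root project, not a dependency
    const prev = oldPkgs[path];
    if (!prev) {
      report.added.push({ path, version: entry.version });
    } else if (prev.version !== entry.version) {
      report.versionChanged.push({ path, from: prev.version, to: entry.version });
    } else if (prev.integrity !== entry.integrity) {
      // Same version but a different hash: the tarball content differs.
      report.integrityOnly.push({ path, version: entry.version });
    }
  }
  for (const [path, entry] of Object.entries(oldPkgs)) {
    if (path !== "" && !(path in newPkgs)) report.removed.push({ path, version: entry.version });
  }
  return report;
}

// Constructed sample lockfiles: package names other than "constructed-*" are
// the ones named in the review; versions and hashes are placeholders.
const pkg = (version, integrity) => ({ version, integrity });
const beforeLock = { lockfileVersion: 3, packages: {
  "": { name: "constructed-plugin", version: "0.0.0" },
  "node_modules/fast-xml-parser": pkg("0.0.1", "sha512-CONSTRUCTED-A"),
  "node_modules/flatted": pkg("0.0.1", "sha512-CONSTRUCTED-B"),
  "node_modules/constructed-pinned": pkg("0.0.1", "sha512-CONSTRUCTED-C"),
} };
const afterLock = { lockfileVersion: 3, packages: {
  "": { name: "constructed-plugin", version: "0.0.0" },
  "node_modules/fast-xml-parser": pkg("0.0.2", "sha512-CONSTRUCTED-D"),
  "node_modules/flatted": pkg("0.0.2", "sha512-CONSTRUCTED-E"),
  "node_modules/path-expression-matcher": pkg("0.0.1", "sha512-CONSTRUCTED-F"),
  "node_modules/constructed-pinned": pkg("0.0.1", "sha512-CONSTRUCTED-G"),
} };

const sampleReport = diffLockfiles(beforeLock, afterLock);
console.log(JSON.stringify(sampleReport, null, 2));
```

An entry under `added` is new code entering the build and deserves the same scrutiny as a direct dependency; an entry under `integrityOnly` should block the merge until explained.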