Upgrade targeted lockfile dependencies in rnllama and wasm test

[Copilot]

Summary

Updates the two requested lockfiles to bump vulnerable/transitively constrained packages with minimal scope: ajv and minimatch in rnllama, and minimatch in extension/wasm/test.
Also updates react-server-dom-webpack in rnllama to the nearest published patch (19.0.4), since 10.0.4 is not available in npm.

• examples/demo-apps/react-native/rnllama/yarn.lock

  • ajv 8.17.1 → 8.18.0
  • minimatch 9.0.5 → 10.2.1
  • react-server-dom-webpack 19.0.3 → 19.0.4
  • Added/updated required transitive entries for the minimatch bump:
    • brace-expansion@^5.0.2
    • balanced-match@^4.0.2
  • Updated dependent range references to keep lockfile resolution consistent.

• extension/wasm/test/yarn.lock

  • minimatch 9.0.5 → 10.2.1
  • Added/updated transitive entries:
    • brace-expansion@^5.0.2
    • balanced-match@^4.0.2
  • Updated dependent range references for consistent lock resolution.

# representative lockfile change
minimatch@^10.2.1:
  version "10.2.1"
  dependencies:
    brace-expansion "^5.0.2"

Test plan

• cd examples/demo-apps/react-native/rnllama && yarn install --frozen-lockfile --ignore-scripts
• cd extension/wasm/test && yarn install --frozen-lockfile --ignore-scripts (retains pre-existing on-headers integrity mismatch unrelated to this change)

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/17605

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❌ 4 New Failures, 2 Unrelated Failures

As of commit bebf007 with merge base 20f9719 ():

NEW FAILURES - The following jobs have failed:

• pull / test-mediatek-models-linux / linux-job (gh)
  RuntimeError: Command docker exec -t 50b962ddbeaeb9cf393d607a5514add86ce91c8343f19ac5174a3ff74d64651a /exec failed with exit code 2
• pull / test-openvino-linux / linux-job (gh)
  RuntimeError: Command docker exec -t 29bd016faa65c7a6c148811337f56861b12976b1c224277dbf9deb781687eb83 /exec failed with exit code 1
• pull / unittest-arm-backend-with-no-deps (test_pytest_ops_tosa) / linux-job (gh)
  RuntimeError: Command docker exec -t 4e1d9cc0b77c73a039d7b6387245a4c28e09c9efeb8b15f9ec513b763d2ee1aa /exec failed with exit code 1
• pull / unittest-buck / linux / linux-job (gh)
  RuntimeError: Command docker exec -t 0dc89c91319ea98712e0b3f74392d533191af34c7f3ab8f5c48564f6f0c65601 /exec failed with exit code 3

FLAKY - The following job failed but was likely due to flakiness present on trunk:

• pull / unittest-wasm-bindings (--enable-etdump) / linux-job (gh) (detected as infra flaky with no log or failing log classifier)

BROKEN TRUNK - The following job failed but was present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• pull / unittest-buck / macos / macos-job (gh) (trunk failure)
  RuntimeError: Command bash /Users/ec2-user/runner/_work/_temp/exec_script failed with exit code 3

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Copilot wasn't able to review any files in this pull request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.