
chore(deps): bump fast-csv 4 → 5 and unzipper 0.10 → 0.12 to clear deprecations #62

Closed
senoff wants to merge 1 commit into protobi:master from senoff:chore/bump-fast-csv-unzipper


senoff commented May 4, 2026

Two small prod-dep bumps that drop five npm install deprecation warnings in any project that takes @protobi/exceljs as a dependency. Companion to #60 (uuid bump).

Why

Anyone running npm install of a project that depends on @protobi/exceljs currently sees these warnings:

  • inflight@1.0.6 (deprecated, leaks memory)
  • rimraf@2.7.1 (pre-v4 unsupported)
  • lodash.isequal@4.5.0 (deprecated; recommends node:util.isDeepStrictEqual)
  • glob@7.2.3 (security advisories)
  • fstream@1.0.12 (no longer supported)

All five trace back to two of exceljs's prod deps:

@protobi/exceljs
├── fast-csv@4.3.6
│   └── @fast-csv/format@4.3.5
│       └── lodash.isequal@4.5.0    ← warns
└── unzipper@0.10.14
    └── fstream@1.0.12               ← warns
        └── rimraf@2.7.1             ← warns
            └── glob@7.2.3           ← warns
                └── inflight@1.0.6   ← warns

What changes

  • fast-csv 4.3.1 → 5.0.0 — fast-csv@5 dropped lodash.isequal in favour of the node:util.isDeepStrictEqual builtin. No API changes affecting exceljs's call sites.
  • unzipper 0.10.11 → 0.12.3 — unzipper@0.12 replaced fstream with a streams-only path; the entire fstream → rimraf@2 → glob@7 → inflight chain falls out in one bump. No API changes affecting exceljs's call sites.

No source-code changes are required.

Validation

  • Fresh npm install reproduces the dep tree shape shown above before the bumps; after the bumps the five listed warnings are gone (verified the prod-only tree with npm install --omit=dev).
  • Round-trip smoke test:
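    const Excel = require('@protobi/exceljs');    // package name as given in this PR
    (async () => {
      // Write a workbook with a string, a number and a formula cell
      const wb1 = new Excel.Workbook();
      const ws = wb1.addWorksheet('Test');
      ws.getCell('A1').value = 'Hello';
      ws.getCell('B1').value = 42;
      ws.getCell('A2').value = { formula: 'A1' };
      const buf = await wb1.xlsx.writeBuffer();
      // Read it back from the buffer, then serialise to CSV
      const wb2 = new Excel.Workbook();
      await wb2.xlsx.load(buf);          // OK: 'Hello', 42
      const csvBuf = await wb1.csv.writeBuffer();   // OK
    })();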
    exercises both the unzipper read path and the fast-csv write path.

Companion to #60

Together with #60 (uuid bump), this clears six of the seven deprecation warnings consumers see on install. The remaining one (glob@10.5.0 via archiver-utils) needs a fix in the archiver project and is out of scope here — that's a notice from the third-party glob maintainer rather than an exceljs-tree issue.

Happy to split this into two separate PRs if you'd prefer to review them independently.
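
The tracing step in the PR description above, mapping each deprecated transitive package back to the direct dependency that pulls it in, can be automated against a lockfile. This is an added example, not code from the PR or from exceljs; it assumes the npm lockfile v2/v3 `packages` layout with a per-entry `deprecated` string, and the lockfile fragment, version ranges and the helper names `resolveDep` and `traceDeprecated` are constructed for illustration.

```javascript
// Constructed lockfile fragment mirroring the tree in the PR description
// (versions from the page; ranges and deprecation text are placeholders).
const note = 'constructed deprecation notice';
const lock = { packages: {
  '': { dependencies: { 'fast-csv': '^4.3.1', unzipper: '^0.10.11' } },
  'node_modules/fast-csv': { version: '4.3.6', dependencies: { '@fast-csv/format': '4.3.5' } },
  'node_modules/@fast-csv/format': { version: '4.3.5', dependencies: { 'lodash.isequal': '^4.5.0' } },
  'node_modules/lodash.isequal': { version: '4.5.0', deprecated: note },
  'node_modules/unzipper': { version: '0.10.14', dependencies: { fstream: '^1.0.12' } },
  'node_modules/fstream': { version: '1.0.12', deprecated: note, dependencies: { rimraf: '2' } },
  'node_modules/rimraf': { version: '2.7.1', deprecated: note, dependencies: { glob: '^7.1.3' } },
  'node_modules/glob': { version: '7.2.3', deprecated: note, dependencies: { inflight: '^1.0.4' } },
  'node_modules/inflight': { version: '1.0.6', deprecated: note },
} };

// Node-style lookup: nearest node_modules first, then walk up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Walk only the root's prod dependencies (what `--omit=dev` installs) and group
// each deprecated package's chain under the direct dependency that roots it.
// A package shared by two direct deps is reported under the first one visited.
function traceDeprecated({ packages }) {
  const report = {};
  const seen = new Set();
  const walk = (fromPath, depName, direct, chain) => {
    const path = resolveDep(packages, fromPath, depName);
    if (!path || seen.has(path)) return; // missing, cyclic or already visited
    seen.add(path);
    const entry = packages[path];
    const here = [...chain, `${depName}@${entry.version}`];
    if (entry.deprecated) (report[direct] = report[direct] || []).push(here.join(' > '));
    for (const child of Object.keys(entry.dependencies || {})) walk(path, child, direct, here);
  };
  for (const name of Object.keys(packages[''].dependencies || {})) walk('', name, name, []);
  return report;
}

console.log(traceDeprecated(lock));
```

Run against a real `package-lock.json` (parsed with `JSON.parse`) before and after a bump, an empty report for a direct dependency confirms its deprecated subtree is gone.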

…precations

Bumps two prod dependencies whose stale transitive trees produce npm install
warnings in any project that takes @protobi/exceljs as a (transitive) dep:

- fast-csv 4.3.1 → 5.0.0
  Drops `lodash.isequal@4.5.0` (deprecated in favour of `node:util.isDeepStrictEqual`).
  fast-csv@5 uses the node-builtin instead.

- unzipper 0.10.11 → 0.12.3
  Drops the fstream → rimraf@2 → glob@7 → inflight chain. unzipper@0.12
  replaced fstream with a streams-only path; all four deprecations fall out
  in one bump.

No source-code changes are required — both libraries' public APIs that exceljs
uses (`fastCsv.format`, `unzipper.Open.buffer`, etc.) are unchanged. Round-trip
write/read + CSV writeBuffer smoke-tested clean against this branch.

Companion to protobi#60 (uuid bump). Together the three direct-dep bumps clear all
but one of the deprecation warnings consumers see on `npm install` of any
project that pulls @protobi/exceljs in. The remaining warning (glob@10.5.0
via archiver-utils) needs a fix in the archiver package and is out of
scope here.

senoff commented May 4, 2026

Ran the full headless test suite (npm run test:unit && npm run test:integration && npm run test:end-to-end) against this branch:

test:unit         884 passing,  1 pending
test:integration  200 passing
test:end-to-end     1 passing
                 ─────────────
                 1,085 passing, 0 failing

(Skipped test:jasmine — needs the browser harness which my local env doesn't have set up.)

So both bumps survive the existing suite cleanly with no source changes.


senoff commented May 7, 2026

Regenerated per AGENTS.md guidance — split into two separate PRs per AGENTS.md Rule 8 (one concern per PR): fast-csv bump in PR #72, unzipper bump in PR #73. Closing this one in favor of the regenerated versions.

senoff closed this May 7, 2026