fix: vulnerable dep expr-eval-fork #371

Merged: six7 merged 1 commit into tokens-studio:main from jorenbroekema:fix-vulns on Dec 10, 2025

jorenbroekema (Contributor) commented Dec 9, 2025

@six7 it seems I have adopted expr-eval lib via a fork now and I've been getting a lot of security CVEs raised on it. Worked a fair bit with some of the security researchers behind it to get it fixed on my fork (since origin is fully abandoned).

I think a fair amount of the expr-eval-fork users are via sd-transforms actually, so this'll need a bump now that it's fixed.
Not sure if the NPM token is still valid, you may need to refresh it in NPM and update it in this repo's settings -> actions secrets

FYI: I also had NPM audit fix a couple of other vulnerable dev deps via pkg lock

changeset-bot (bot) commented Dec 9, 2025

🦋 Changeset detected

Latest commit: bc0d51c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name | Type |
| --- | --- |
| @tokens-studio/sd-transforms | Patch |

six7 merged commit 6bd0aff into tokens-studio:main on Dec 10, 2025
3 checks passed