Fix remaining Dependabot security alerts (#2803)

## Summary

- **Rails example**: Upgrade Rails 7.1.5 → 7.2.3, bringing rack 2.2.14 → 3.2.5 and nokogiri 1.18.9 → 1.19.2. Fixes Active Storage path traversal, Rack directory traversal/XSS, Active Support ReDoS/DoS/XSS, Action View XSS, and Active Storage glob injection/DoS/content type bypass.
- **Django example**: Update sqlparse 0.5.0 → 0.5.3 (DoS fix for formatting list of tuples)
- **VS Code extension**: Add flatted yarn resolution → 3.4.2 (prototype pollution via parse() fix)

## Test plan

- [x] Verify `go build ./...` still passes (no Go changes, but confirmed)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: John Lago <750845+Lagoja@users.noreply.github.com>

Mike Landau committed
27a150257db368f0c28ec5d357a85bbbee5f3cc1
Parent: 540b82c
Committed by GitHub <noreply@github.com>
on 3/25/2026, 6:46:13 PM