chore: uuid vulnerability (#191)

* fixed uuid vulnerability TA-16394

* added Trivy ignores

* Ran `yarn upgrade react-native-builder-bob`, it fixed brace-expansion vulnerability. Development resource, business logic is not impacted, see https://github.com/callstack/react-native-builder-bob

* Ran `yarn upgrade` in the example folder for the example app. In package.json removed unused resolves.

---------

Co-authored-by: Luca Allievi <101414321+luca-gr4vy@users.noreply.github.com>

Author: GiordanoArman

.trivyignore

@@ -10,6 +10,12 @@ CVE-2025-27789
 
 CVE-2025-5889
 
+# activesupport (they are all denial of service vulnerabilities that do not apply to our case https://github.com/gr4vy/gr4vy-react-native/actions/runs/24998947756/job/73203426007?pr=191)
+
+CVE-2026-33169
+CVE-2026-33170
+CVE-2026-33176
+
 # image-size
 
 GHSA-m5qc-5hw7-8vg7

example/package.json

@@ -24,7 +24,7 @@
     "@babel/core": "^7.29.0",
     "@babel/preset-env": "^7.29.2",
     "@babel/runtime": "^7.29.2",
-    "@gr4vy/sdk": "^1.10.18",
+    "@gr4vy/sdk": "^2.0.33",
     "@react-native-community/cli": "18.0.1",
     "@react-native-community/cli-platform-android": "18.0.0",
     "@react-native-community/cli-platform-ios": "18.0.0",
@@ -36,9 +36,7 @@
     "dotenv": "^17.3.1"
   },
   "resolutions": {
-    "semver": "^7.6.3",
     "on-headers": "^1.1.0",
-    "qs": "^6.14.1",
     "fast-xml-parser": "^4.5.5",
     "picomatch": "^2.3.2"
   }