Fix vulnerabilities reported in `tools` Node.js scripts to resolve vulnerability scanner warnings

[GhisBntly]

See https://nvd.nist.gov/vuln/detail/CVE-2025-7783 The fix is to upgrade the dependency (picked by the scanner from tools/generate-classes/package-lock.json) to 2.5.4, 3.0.4, or 4.0.4. I would but I have no idea how this works, hopefully it is no big deal on your end ;^^ Thanks,

[azrogers]

All the scripts in the tools folder are run offline and shouldn't be subject to vulnerabilities when those libraries are used in servers, which this vulnerability seems to be. generate-classes is a code generation script for turning the glTF, 3D Tiles, and Quantized Mesh JSON schemas into C++ classes, so I think it would be difficult for someone to sneak malicious data into them that would be a risk to us. And, even if they did, any changes produced by those scripts would be subject to PR review before making it into main, which would hopefully catch any issues if they did come up.

However, I think it would be worth addressing the CVEs in the libraries used in the tools scripts, since they will cause concern when anyone runs a vulnerability scanner on the repo.