chore(deps): clear all 27 advisories via fastify 5, vite 6, transitive overrides

Direct bumps: ws 8.21.0, vitest 3.2.6 (critical UI-server RCE), js-yaml 4.2.0. Root pnpm.overrides: hono, undici, qs, fast-uri, react-router(-dom), @babel/core, range-scoped esbuild, and a global vite pin (forces vitest onto Vite 6). Major migrations with no code changes (API-audited): fastify 4 to 5 across server/coder/control/booterm (+@fastify/websocket 11, @fastify/static 9.1.1), vite 5 to 6 +@vitejs/plugin-react 4.7 in web. pnpm audit: no known vulnerabilities. Suites green: contracts 29, server 599, coder 589, control 175, ion 104.
2026-06-21 14:06:35 +00:00
parent 8bd32537cf
commit 046ed38734
10 changed files with 834 additions and 766 deletions
--- a/package.json
+++ b/package.json
@@ -14,5 +14,19 @@
  "license": "MIT",
  "dependencies": {
    "better-sqlite3": "^11.10.0"
+  },
+  "pnpm": {
+    "overrides": {
+      "hono@<4.12.25": "^4.12.25",
+      "undici@<7.28.0": "^7.28.0",
+      "qs@<6.15.2": "^6.15.2",
+      "fast-uri@<3.1.2": "^3.1.2",
+      "js-yaml@<4.2.0": "^4.2.0",
+      "react-router@<6.30.4": "^6.30.4",
+      "react-router-dom@<6.30.4": "^6.30.4",
+      "@babel/core@<7.29.6": "^7.29.6",
+      "esbuild@>=0.27.0 <0.28.1": "^0.28.1",
+      "vite@<6.4.3": "^6.4.3"
+    }
  }
 }