Fix Vanta-reported vulnerabilities

[calavera]

Automated remediation for Vanta-reported source repository vulnerabilities.

Vulnerabilities:

• CVE-2026-33672 (69d2cf107ffd455ec81b9204) severity=MEDIUM package=npm-picomatch >= 4.0.0, < 4.0.4 fixedVersion=4.0.4
• GHSA-67mh-4wv8-2f99 (69d2cf107ffd455ec81b9207) severity=MEDIUM package=npm-esbuild <= 0.24.2 fixedVersion=0.25.0
• CVE-2026-39365 (69d572007ffd455ec84373ce) severity=MEDIUM package=npm-vite <= 6.4.1 fixedVersion=6.4.2
• CVE-2026-39365 (69dffe0fc49233af505b3558) severity=MEDIUM package=npm-vite <= 6.4.1 fixedVersion=6.4.2
• GHSA-67mh-4wv8-2f99 (69dffe0fc49233af505b355b) severity=MEDIUM package=npm-esbuild <= 0.24.2 fixedVersion=0.25.0
• CVE-2026-41305 (69ebdbaf65ca9c2adadfe85d) severity=MEDIUM package=npm-postcss < 8.5.10 fixedVersion=8.5.10
• CVE-2026-41305 (69ebdbaf65ca9c2adadfe862) severity=MEDIUM package=npm-postcss < 8.5.10 fixedVersion=8.5.10
• CVE-2026-45409 (6a0d17c7bc1dc504a41f305b) severity=MEDIUM package=pip-idna < 3.15 fixedVersion=3.15
• CVE-2026-45736 (6a0d886fbc1dc504a479799a) severity=MEDIUM package=npm-ws >= 8.0.0, < 8.20.1 fixedVersion=8.20.1
• CVE-2026-45736 (6a0d886fbc1dc504a479799b) severity=MEDIUM package=npm-ws >= 8.0.0, < 8.20.1 fixedVersion=8.20.1
• GHSA-3pv8-6f4r-ffg2 (6a1a46d5bc1dc504a4bd8b1c) severity=MEDIUM package=rust-tar <= 0.4.45 fixedVersion=0.4.46
• CVE-2026-47429 (6a2775a862e224030907ef67) severity=CRITICAL package=npm-vitest < 3.2.6 fixedVersion=3.2.6
• CVE-2026-47429 (6a2775a862e224030907ef68) severity=CRITICAL package=npm-vitest < 3.2.6 fixedVersion=3.2.6
• GHSA-g7r4-m6w7-qqqr (6a2cbbd77e098647ce29831d) severity=LOW package=npm-esbuild >= 0.27.3, < 0.28.1 fixedVersion=0.28.1
• GHSA-g7r4-m6w7-qqqr (6a2cbbd77e098647ce298322) severity=LOW package=npm-esbuild >= 0.27.3, < 0.28.1 fixedVersion=0.28.1
• GHSA-chgr-c6px-7xpp (6a2cbbd77e098647ce298323) severity=MEDIUM package=rust-pyo3 < 0.29.0 fixedVersion=0.29.0
• GHSA-36hh-v3qg-5jq4 (6a2cbbd77e098647ce298328) severity=HIGH package=rust-pyo3 < 0.29.0 fixedVersion=0.29.0
• CVE-2026-53632 (6a30b05a7e098647ceb02fd7) severity=MEDIUM package=npm-vite <= 6.4.2 fixedVersion=6.4.3
• CVE-2026-53571 (6a30b05a7e098647ceb02fdb) severity=HIGH package=npm-vite <= 6.4.2 fixedVersion=6.4.3
• CVE-2026-53550 (6a30b05a7e098647ceb02fdf) severity=MEDIUM package=npm-js-yaml <= 4.1.1 fixedVersion=4.2.0
• CVE-2026-48779 (6a30b05a7e098647ceb02fe3) severity=HIGH package=npm-ws >= 8.0.0, < 8.21.0 fixedVersion=8.21.0
• CVE-2026-53632 (6a30b05a7e098647ceb02fe7) severity=MEDIUM package=npm-vite <= 6.4.2 fixedVersion=6.4.3
• CVE-2026-53571 (6a30b05a7e098647ceb02feb) severity=HIGH package=npm-vite <= 6.4.2 fixedVersion=6.4.3
• CVE-2026-53550 (6a30b05a7e098647ceb02fed) severity=MEDIUM package=npm-js-yaml <= 4.1.1 fixedVersion=4.2.0
• CVE-2026-48779 (6a30b05a7e098647ceb02fef) severity=HIGH package=npm-ws >= 8.0.0, < 8.21.0 fixedVersion=8.21.0
• CVE-2026-9697 (6a3515627e098647ce54921a) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
• CVE-2026-9678 (6a3515627e098647ce54921f) severity=MEDIUM package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
• CVE-2026-9675 (6a3515627e098647ce549222) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
• CVE-2026-9697 (6a3515627e098647ce549224) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
• CVE-2026-9678 (6a3515627e098647ce54922a) severity=MEDIUM package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
• CVE-2026-9675 (6a3515627e098647ce54922d) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0

Please review the generated changes and CI results before merging.