refactor: Upgrading libs to fix vulnerabilities #288

Merged: szanata merged 2 commits into main from refactor/updating_dependencies on Jun 25, 2026
@szanata (Collaborator) commented Jun 24, 2026

Summary

Upgrading libs to fix vulnerabilities:

  • package.json

    • vite: 7.3.3 → 8.0.16
    • removed vite-tsconfig-paths@6.1.1
    • vitest was already 4.1.5 on main, so you did not change that pin.
  • pnpm-workspace.yaml

    • catalog pin changed:
      • undici: 8.1.0 → 8.5.0
    • added/updated overrides:
      • added @grpc/grpc-js
      • changed axios override from <1.15.2 -> >=1.15.2 to <1.16.0 -> >=1.16.1
      • added esbuild
      • added form-data
      • changed hono target from >=4.12.14 to >=4.12.25
      • added markdown-it
      • changed protobufjs overrides from <=7.5.7 -> >=7.5.8 to <=7.6.2 -> >=7.6.3, plus added 8.x <=8.5.0 -> >=8.6.0
      • removed old qs <=6.14.1 -> >=6.14.2, kept broader qs >=6.11.1 <=6.15.1 -> >=6.15.2
      • changed tar target from >=7.5.11 to >=7.5.16
      • changed ws target from >=8.20.1 to >=8.21.0
  • vitest.config.js

    • replaced vite-tsconfig-paths plugin with Vite 8’s built-in resolve.tsconfigPaths: true.
  • sdk/llm/package.json

    • only ordering changed for ai; no version change.

Vulnerabilities before:

33 vulnerabilities found
Severity: 3 low | 18 moderate | 12 high

Vulnerabilities after:

5 vulnerabilities found
Severity: 4 moderate | 1 high

Test plan

  • Manually tested
  • Updated unit tests

@szanata merged commit 4b5c049 into main on Jun 25, 2026
9 checks passed
@szanata deleted the refactor/updating_dependencies branch on June 25, 2026 15:39
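
An added example, not part of the pull request or the project's code: a small checker that takes three of the override rules listed in the summary above and classifies resolved versions as `stale` (still inside the overridden range, so the override is not in effect), `unmatched` (outside the selector but below the target), or `ok`. The rule field names and the versions in `SAMPLE` are constructed for illustration, and only plain `major.minor.patch` comparators are supported.

```javascript
// Added example: not the project's code. Classifies resolved versions against
// override rules of the form "<selector range> -> <target range>".

// Parse "1.16.0" into [1, 16, 0]; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

// Space-separated comparators (<, <=, >, >=, =) are ANDed together.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.trim().split(/\s+/).every((token) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(token);
    if (!m) throw new Error(`unsupported comparator: ${token}`);
    const w = parseVersion(m[2]);
    const i = v.findIndex((n, k) => n !== w[k]);
    const c = i === -1 ? 0 : Math.sign(v[i] - w[i]);
    return { '<': c < 0, '<=': c <= 0, '>': c > 0, '>=': c >= 0, '=': c === 0 }[m[1] || '='];
  });
}

// Three rules copied from the PR summary; the field names are hypothetical.
const RULES = [
  { name: 'axios', selector: '<1.16.0', target: '>=1.16.1' },
  { name: 'protobufjs', selector: '<=7.6.2', target: '>=7.6.3' },
  { name: 'qs', selector: '>=6.11.1 <=6.15.1', target: '>=6.15.2' },
];

// Constructed sample of resolved versions, e.g. as read from a lockfile.
const SAMPLE = {
  axios: ['1.15.2', '1.16.0', '1.16.1'],
  protobufjs: ['7.6.3'],
  qs: ['6.15.1', '6.15.2'],
};

function classify(resolved, rules = RULES) {
  const report = [];
  for (const { name, selector, target } of rules) {
    for (const version of resolved[name] || []) {
      let status = 'ok';
      if (satisfies(version, selector)) status = 'stale';
      else if (!satisfies(version, target)) status = 'unmatched';
      report.push({ name, version, status });
    }
  }
  return report;
}
```

In the sample, `axios@1.16.0` comes back `unmatched`: the `<1.16.0` selector does not cover it, so the override never rewrites it even though it is below the `>=1.16.1` target.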