chore(deps): patch all 54 Dependabot security alerts

Bumped pnpm overrides and direct deps to address open Dependabot
alerts (1 critical, 25 high, 26 moderate, 2 low). Highlights:

- simple-git >=3.32.3 (CRITICAL - bypass enabling RCE)
- @angular/{core,compiler} ^19.2.20 (XSS in i18n)
- hono ^4.12.7, @hono/node-server >=1.19.10 (multiple)
- vite ^7.3.2, undici ^7.24.0 (multiple)
- next >=15.5.14, fastify >=5.8.3, elysia >=1.4.27
- h3 >=1.15.9, defu >=6.1.5, srvx >=0.11.13
- tar >=7.5.11, node-forge >=1.4.0, picomatch >=4.0.4
- path-to-regexp >=8.4.0, serialize-javascript >=7.0.5
- lodash >=4.18.1, brace-expansion >=5.0.5, immutable >=5.1.5
- svgo >=4.0.1, file-type, unhead, devalue, yaml >=2.8.3

Also bumped:
- vitest in @logtide/cli and @logtide/sdk-node from 1.x/2.x to ^3.0.0
  to be compatible with the newer vite required by the override
- elysia/file-type pinned as direct devDep in @logtide/elysia to
  upgrade an auto-installed peer that overrides cannot reach

Verification: pnpm audit clean (no known vulnerabilities), pnpm build,
pnpm test (316 tests across 13 packages), and pnpm typecheck all green.

Author: Polliog

package.json

@@ -16,20 +16,42 @@
   },
   "pnpm": {
     "overrides": {
-      "tar": ">=7.5.8",
+      "tar": ">=7.5.11",
       "esbuild": ">=0.25.0",
       "webpack": ">=5.104.1",
       "cookie": ">=0.7.0",
       "minimatch": ">=10.2.3",
       "rollup": ">=4.59.0",
       "ajv": ">=8.18.0",
       "qs": ">=6.14.2",
-      "devalue": ">=5.6.3",
-      "hono": "^4.11.10",
-      "@angular/core": "^19.2.19",
+      "devalue": ">=5.6.4",
+      "hono": "^4.12.7",
+      "@angular/core": "^19.2.20",
+      "@angular/compiler": "^19.2.20",
       "@sveltejs/kit": "^2.52.2",
       "svelte": "^5.53.5",
-      "nanotar": "^0.2.1"
+      "nanotar": "^0.2.1",
+      "simple-git": ">=3.32.3",
+      "@hono/node-server": ">=1.19.10",
+      "defu": ">=6.1.5",
+      "elysia": ">=1.4.27",
+      "h3": ">=1.15.9",
+      "immutable": ">=5.1.5",
+      "lodash": ">=4.18.1",
+      "node-forge": ">=1.4.0",
+      "path-to-regexp": ">=8.4.0",
+      "picomatch": ">=4.0.4",
+      "serialize-javascript": ">=7.0.5",
+      "svgo": ">=4.0.1",
+      "undici": "^7.24.0",
+      "vite": "^7.3.2",
+      "brace-expansion": ">=5.0.5",
+      "fastify": ">=5.8.3",
+      "file-type": ">=21.3.2",
+      "next": ">=15.5.14",
+      "srvx": ">=0.11.13",
+      "unhead": ">=2.1.11",
+      "yaml": ">=2.8.3"
     }
   }
 }

packages/cli/package.json

@@ -46,7 +46,7 @@
     "@types/node": "^20.14.15",
     "tsup": "^8.5.1",
     "typescript": "^5.5.4",
-    "vitest": "^2.1.8"
+    "vitest": "^3.0.0"
   },
   "engines": {
     "node": ">=18.0.0"

packages/elysia/package.json

@@ -51,6 +51,7 @@
   "devDependencies": {
     "@sinclair/typebox": "^0.34.48",
     "elysia": "^1.2.0",
+    "file-type": "^22.0.0",
     "tsup": "^8.5.1",
     "typescript": "^5.5.4"
   }

packages/node/package.json

@@ -78,7 +78,7 @@
     "fastify-plugin": "^4.5.1",
     "tsup": "^8.5.1",
     "typescript": "^5.5.4",
-    "vitest": "^1.6.0"
+    "vitest": "^3.0.0"
   },
   "peerDependencies": {
     "express": "^4.0.0 || ^5.0.0",