THRIFT-6016: Move jsdoc from dependencies to devDependencies in lib/ts

[Jens-G]

Summary

• jsdoc is a documentation generator and must not be a runtime dependency of the Thrift TypeScript library.
• Having it under dependencies caused taffydb (abandoned, HIGH) and lodash to be classified as production transitive dependencies, inflating the vulnerability surface of the published npm package.
• Moved jsdoc to devDependencies and regenerated package-lock.json; taffydb and lodash are now correctly classified as dev-only.

Test plan

• Verify npm install --omit=dev in lib/ts no longer installs jsdoc, taffydb, or lodash.
• Verify npm install (with devDependencies) still succeeds and doc generation via grunt jsdoc still works.
• Confirm Dependabot alerts Address FindBugs errors (THRIFT-2239) #61 (taffydb) and THRIFT-2753 Haxe support (part 2) #229 (lodash HIGH) are resolved or reclassified after merge.

Related

• THRIFT-6017: Upgrade jsdoc 3.6 → 4.x (eliminates taffydb entirely)
• THRIFT-6018: Remove phantom/phantomjs-prebuilt from lib/ts
• THRIFT-6019: Replace html-validator-cli in root package
• THRIFT-6020: Address remaining transitive npm vulnerabilities

🤖 Generated with Claude Code