
fix(deps): bump h3 and flatted overrides to fix security vulnerabilities#1281

Merged
BYK merged 2 commits into main from fix/security-deps-h3-flatted on Mar 20, 2026

Conversation

@BYK (Member) commented Mar 20, 2026

Bump pnpm.overrides floor versions to resolve 3 open Dependabot alerts:

| Alert | Package | Severity | Vulnerability | Override Change |
| --- | --- | --- | --- | --- |
| #188 | flatted | HIGH | Prototype Pollution via parse() (CVE-2026-33228) | >=3.4.0 → >=3.4.2 |
| #187 | h3 | HIGH | SSE Injection via unsanitized newlines (CVE-2026-33128) | >=1.15.5 → >=1.15.6 |
| #186 | h3 | MEDIUM | Path Traversal via %2e%2e in serveStatic | >=1.15.5 → >=1.15.6 |

Both parent packages (flat-cache ^3.4.1, unstorage ^1.15.5) accept the patched versions via semver — no forced incompatible upgrades.

Resolved versions: flatted 3.4.2, h3 1.15.9
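The two checks the description relies on, that each new floor still falls inside the parent package's declared range and that the lockfile actually resolved to a version meeting the floor, written out as a small script. This is an added example, not code from the PR or the Spotlight project; the parent ranges (^3.4.1 for flat-cache's flatted dependency, ^1.15.5 for unstorage's h3 dependency) are assumed from the description, and all inputs are constructed literals rather than a parsed pnpm-lock.yaml.

```javascript
// Added example, not code from the PR: audit pnpm override floors against
// (a) the parent's declared range, so pnpm is not forcing an incompatible version,
// and (b) the version that actually resolved, so the vulnerable release is gone.

// Constructed inputs mirroring the PR description (not read from a lockfile).
// PARENT_RANGES is an assumption about what flat-cache and unstorage declare.
const OVERRIDES = { flatted: '>=3.4.2', h3: '>=1.15.6' };
const PARENT_RANGES = { flatted: '^3.4.1', h3: '^1.15.5' };
const RESOLVED = { flatted: '3.4.2', h3: '1.15.9' };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Only the two range forms used in this PR are handled: '>=x.y.z' and '^x.y.z'.
function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.startsWith('>=')) return compareVersions(v, parseVersion(range.slice(2))) >= 0;
  if (range.startsWith('^')) {
    const base = parseVersion(range.slice(1));
    if (compareVersions(v, base) < 0) return false;
    // Caret pins the leftmost non-zero component: the major, or the minor when major is 0.
    return base[0] !== 0 ? v[0] === base[0] : v[1] === base[1];
  }
  throw new Error(`unsupported range: ${range}`);
}

// Returns human-readable problems; an empty list means the overrides are sound.
function auditOverrides(overrides, parentRanges, resolved) {
  const problems = [];
  for (const [pkg, floor] of Object.entries(overrides)) {
    const floorVersion = floor.replace(/^>=/, '');
    if (!satisfies(floorVersion, parentRanges[pkg])) {
      problems.push(`${pkg}: floor ${floor} is outside parent range ${parentRanges[pkg]}`);
    }
    if (!satisfies(resolved[pkg], floor)) {
      problems.push(`${pkg}: resolved ${resolved[pkg]} does not satisfy ${floor}`);
    }
  }
  return problems;
}

console.log(auditOverrides(OVERRIDES, PARENT_RANGES, RESOLVED)); // [] for this PR
```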

BYK added 2 commits March 17, 2026 22:29
- Update @modelcontextprotocol/sdk ^1.25.2 → ^1.26.0 (HIGH: cross-client data leak)
- Add lodash >=4.17.23 pnpm override (MEDIUM: prototype pollution in _.unset/_.omit)
- Bump qs override >=6.14.1 → >=6.14.2 (LOW: arrayLimit bypass DoS)
- Dismiss svelte alerts #152, #153 (optional peer dep of @vercel/analytics, not used)
- flatted: >=3.4.0 → >=3.4.2 (fixes CVE-2026-33228, Prototype Pollution via parse())
- h3: >=1.15.5 → >=1.15.6 (fixes CVE-2026-33128 SSE Injection + GHSA-wr4h Path Traversal)

Resolves Dependabot alerts #186, #187, #188.
BYK deployed to Preview March 20, 2026 12:34 with GitHub Actions (Active)
@vercel bot commented Mar 20, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| spotlightjs | Ready | Preview, Comment | Mar 20, 2026 0:34am |


@github-actions bot (Contributor) commented:

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


Bug Fixes 🐛

  • (deps) Bump h3 and flatted overrides to fix security vulnerabilities by BYK in #1281

🤖 This preview updates automatically when you update the PR.

@github-actions bot (Contributor) commented Mar 20, 2026

Codecov Results 📊

✅ Patch coverage is 100.00%. Project has 1348 uncovered lines.
✅ Project coverage is 76.31%. Comparing base (base) to head (head).

Files with missing lines (31)
File Patch % Lines
event.ts 52.61% ⚠️ 263 Missing
mcp.ts 65.91% ⚠️ 151 Missing
messageBuffer.ts 67.57% ⚠️ 120 Missing
docker-compose.ts 77.33% ⚠️ 85 Missing
utils.ts 31.71% ⚠️ 84 Missing
extras.ts 28.13% ⚠️ 69 Missing
debugLogging.ts 29.47% ⚠️ 67 Missing
utils.ts 75.28% ⚠️ 66 Missing
index.ts 24.59% ⚠️ 46 Missing
cors.ts 91.08% ⚠️ 39 Missing and 1 partials
logs.ts 28.85% ⚠️ 37 Missing
traces.ts 93.10% ⚠️ 33 Missing and 1 partials
userAgent.ts 52.63% ⚠️ 27 Missing
index.ts 80.47% ⚠️ 25 Missing
utils.ts 66.67% ⚠️ 23 Missing
errors.ts 75.53% ⚠️ 23 Missing
JsonViewer.tsx 71.62% ⚠️ 21 Missing
traces.ts 75.86% ⚠️ 21 Missing
processEnvelope.ts 86.67% ⚠️ 18 Missing
eventContainer.ts 78.05% ⚠️ 18 Missing
open.ts 42.86% ⚠️ 16 Missing
CodeViewer.tsx 54.55% ⚠️ 15 Missing
contentType.ts 66.67% ⚠️ 15 Missing
Attachment.tsx 90.00% ⚠️ 12 Missing and 1 partials
helpers.ts 70.27% ⚠️ 11 Missing
streaming.ts 76.09% ⚠️ 11 Missing
ShikiProvider.tsx 54.17% ⚠️ 11 Missing
AnsiText.tsx 91.00% ⚠️ 9 Missing
logger.ts 65.22% ⚠️ 8 Missing
logger.ts 87.50% ⚠️ 4 Missing and 1 partials
profileChunkProcessor.ts 100.00% ⚠️ 1 partials
Coverage diff
@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    76.31%    76.31%        —%
==========================================
  Files           47        47         —
  Lines         5690      5690         —
  Branches       611       611         —
==========================================
+ Hits          4342      4342         —
- Misses        1348      1348         —
- Partials         5         5         —

Generated by Codecov Action

BYK marked this pull request as ready for review March 20, 2026 13:51
BYK merged commit 34679a3 into main Mar 20, 2026
23 checks passed
BYK deleted the fix/security-deps-h3-flatted branch March 20, 2026 14:00