fix: update vite to 8.0.5 to resolve high severity CVEs (CI npm audit fix)

[Copilot]

Vitest 4.1.2 (introduced by the dependabot dev-deps bump) pulls in vite 8.0.3 as a transitive dependency, which carries three high-severity CVEs and breaks npm audit --audit-level=moderate in CI.

Changes

• package-lock.json — pins vite from 8.0.3 → 8.0.5, the patched release addressing:
  • GHSA-4w7w-66w2-5vf9 — Path Traversal in Optimized Deps .map handling
  • GHSA-v2wj-q39q-566r — server.fs.deny bypass via query strings
  • GHSA-p9ff-h696-f583 — Arbitrary file read via dev server WebSocket

No source or test changes; this is a lock-file-only fix resolving the npm audit gate.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• dl.deno.land
  • Triggering command: /usr/bin/curl curl -s REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Copilot wasn't able to review any files in this pull request.

[kayodebristol]

Auto-approved: CI green + code review complete.