build(deps): pin patched transitive dependency versions (#36)

Add pnpm overrides for vulnerable transitive npm packages and regenerate\nlockfile resolution to patched versions.\n\nAlso update Cargo.lock to quinn-proto 0.11.14 to address the\nopen Rust Dependabot advisory path.\n\nValidation included pnpm audit (remaining: elliptic with no upstream\npatched version) and lockfile/version verification.

Co-authored-by: Jo D <dev-jodee@users.noreply.github.com>

Author: dev-jodee

Cargo.lock

@@ -50,7 +50,18 @@
     "packageManager": "pnpm@10.15.1+sha512.34e538c329b5553014ca8e8f4535997f96180a1d0f614339357449935350d924e22f8614682191264ec33d1462ac21561aff97f6bb18065351c162c7e8f6de67",
     "pnpm": {
         "overrides": {
-            "diff": ">=4.0.4"
+            "diff": ">=4.0.4",
+            "ajv@^6.0.0": "6.14.0",
+            "brace-expansion@^1.1.7": "1.1.13",
+            "flatted@^3.0.0": "3.4.2",
+            "handlebars@^4.0.0": "4.7.9",
+            "h3@^1.0.0": "1.15.9",
+            "lodash@^4.0.0": "4.17.23",
+            "minimatch@^3.0.0": "3.1.4",
+            "minimatch@^9.0.0": "9.0.7",
+            "picomatch@^2.0.0": "2.3.2",
+            "picomatch@^4.0.0": "4.0.4",
+            "socket.io-parser@^4.0.0": "4.2.6"
         }
     }
-}
+}