fix: Vite CVEs - add vite resolution >=6.4.1 [cari]

[s0nny78]

Summary

• Adds resolutions for vite to ^6.4.1
• Forces vitest's transitive vite dependency to patched version

CVEs Addressed

• CVE-2025-62522
• CVE-2025-58752
• CVE-2025-58751
• CVE-2025-46565
• CVE-2025-32395
• CVE-2025-31486
• CVE-2025-31125
• CVE-2025-30208

Test plan

• yarn install succeeds
• Verified vite@6.4.1 in lockfile

[SQD-1038]

🤖 Generated with Claude Code

---

Note

Security/Deps

• Adds resolutions to pin vite to ^6.4.1 and updates lockfile to that version
• Refreshes dependencies in yarn.lock (notably rollup@4.55.2, @types/estree@1.0.8, new fdir, tinyglobby, picomatch@^4) with updated platform-specific rollup binaries

Package metadata

• Simplifies package.json bin declaration to a single path ("bin": "./dist/index.js")

^{Written by Cursor Bugbot for commit 760682c. Configure here.}

[linear]

SQD-1038 CVE-Vite-Consolidated: Remediate all Vite server.fs.deny bypass vulnerabilities

[changeset-bot]

⚠️ No Changeset found

Latest commit: f6ce85b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[s0nny78]

Hey @timgent - Could you please review this PR when you get a chance? Let me know if you have any questions. Thanks!