fix(deps): npm audit fix — clear all 6 vulnerabilities

[muhammadkh4n]

Summary

• Resolves 2 HIGH (protobufjs <=7.5.5 — 7 CVEs: overlong UTF-8, DoS, code injection, prototype injection, code-gen gadget, unbounded recursion)
• Resolves 4 moderate (hono <=4.12.17 JWT/cache, ip-address <=10.1.0 XSS, express-rate-limit transitive)
• All updates within existing semver ranges — lockfile only, zero risk

Before → After

npm audit: 6 vulnerabilities (4 moderate, 2 high) → 0 vulnerabilities

Test plan

• CI passes (lockfile-only change, no code affected)
• npm audit confirms 0 vulnerabilities

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9cc74774-5db0-4be9-ad39-e401064a30d1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch vps-agent/audit-fix-2026-05-13

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}