
Audit and update dependencies for known vulnerabilities #18

@BunsDev

Description


Problem

The project has 48 production dependencies and 16 dev dependencies that haven't been systematically audited. Outdated or vulnerable packages pose security and stability risks.

Scope

  1. Vulnerability scan — Run pnpm audit and address findings
  2. Outdated packages — Run pnpm outdated and update where safe
  3. Unused dependencies — Identify and remove packages that are imported but unused (or not imported at all)
  4. License check — Ensure all dependencies have compatible licenses for the project

Acceptance Criteria

  • pnpm audit reports zero high/critical vulnerabilities
  • All dependencies are on supported/maintained versions
  • Unused dependencies are removed from package.json
  • No breaking changes introduced — pnpm build and pnpm test pass
  • Results documented in a comment on this issue for future reference

Notes

  • Pay special attention to better-sqlite3 and sqlite-vec native module compatibility
  • Consider pinning major versions for stability in package.json
  • TypeScript 6.0.2 is very new — verify all type dependencies are compatible

🤖 Generated with Claude Code
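The scope items above, as an added worked example in the project's own language (TypeScript). This is not part of the issue or the project's code: it gates on the "zero high/critical" acceptance criterion from a `pnpm audit --json` report and lists production dependencies that no source file imports. The report shape (an `advisories` map keyed by advisory id, each with `module_name` and `severity`, as in the npm v6 audit report format that pnpm emits) is an assumption, and every package name, version and advisory below is constructed for the example.

```typescript
// Added example for issue #18, not the project's own tooling. Checks the
// "zero high/critical" gate against a pnpm audit JSON report and finds
// declared dependencies that no source file imports.
// Assumption: `pnpm audit --json` follows the npm v6 audit report shape
// (`advisories` keyed by id, each with `module_name` and `severity`).
// All package names, versions and advisories below are constructed.

type Severity = "info" | "low" | "moderate" | "high" | "critical";

interface Advisory { module_name: string; severity: Severity; }
interface AuditReport { advisories: { [id: string]: Advisory }; }
interface PackageJson {
  dependencies?: { [name: string]: string };
  devDependencies?: { [name: string]: string };
}

// Severities that fail the acceptance criterion in this issue.
const FAILING_SEVERITIES: Severity[] = ["high", "critical"];

// Advisories at or above the failing threshold; an empty array means the gate passes.
function blockingAdvisories(report: AuditReport): Advisory[] {
  return Object.keys(report.advisories)
    .map((id) => report.advisories[id])
    .filter((a) => FAILING_SEVERITIES.indexOf(a.severity) !== -1);
}

// Package names imported by one source file. Handles `import ... from "x"`,
// `import "x"`, `import("x")` and `require("x")`; maps deep paths and scoped
// packages to the package name (`@scope/pkg/sub` -> `@scope/pkg`) and skips
// relative, absolute and `node:` specifiers.
function importedPackages(source: string): string[] {
  const found: string[] = [];
  const re = /\b(?:from|import\s*\(?|require\s*\()\s*["']([^"']+)["']/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    const spec = m[1];
    const first = spec.charAt(0);
    if (first === "." || first === "/" || spec.indexOf("node:") === 0) continue;
    const parts = spec.split("/");
    const name = first === "@" ? parts.slice(0, 2).join("/") : parts[0];
    if (found.indexOf(name) === -1) found.push(name);
  }
  return found;
}

// Production dependencies declared in package.json that no source file imports.
// devDependencies (compilers, test runners, @types/*) are used through config
// and the CLI rather than imports, so they are left for manual review.
function unusedDependencies(pkg: PackageJson, sources: string[]): string[] {
  const used: string[] = [];
  sources.forEach((s) => importedPackages(s).forEach((p) => {
    if (used.indexOf(p) === -1) used.push(p);
  }));
  return Object.keys(pkg.dependencies || {})
    .filter((d) => used.indexOf(d) === -1)
    .sort();
}

// ---- Constructed sample data (not real advisories or the project's manifest) ----

const SAMPLE_AUDIT: AuditReport = {
  advisories: {
    "1001": { module_name: "example-lib", severity: "moderate" },
    "1002": { module_name: "example-parser", severity: "high" },
  },
};

const SAMPLE_PACKAGE_JSON: PackageJson = {
  dependencies: {
    "better-sqlite3": "^11.0.0",
    "sqlite-vec": "^0.1.0",
    "left-pad": "^1.3.0",
    "@scope/util": "^2.0.0",
  },
  devDependencies: { typescript: "^6.0.2", vitest: "^2.0.0" },
};

const SAMPLE_SOURCES: string[] = [
  'import Database from "better-sqlite3";\nimport * as vec from "sqlite-vec";\nimport { readFileSync } from "node:fs";',
  'const helpers = require("@scope/util/helpers");\nconst local = import("./local.js");',
];

// Summary a reviewer could paste into the issue comment the acceptance criteria ask for.
function auditSummary(): { blocking: string[]; unused: string[] } {
  return {
    blocking: blockingAdvisories(SAMPLE_AUDIT).map((a) => a.module_name + " (" + a.severity + ")"),
    unused: unusedDependencies(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCES),
  };
}

console.log(JSON.stringify(auditSummary(), null, 2));
```

In real use the report comes from `pnpm audit --json` and the source strings from the repository's `.ts` files; `pnpm outdated` and `pnpm licenses list` cover the remaining scope items. A package that only appears in `devDependencies` never shows up in imports, so the unused-dependency check deliberately reports only `dependencies`; and a major-version bump of native modules such as better-sqlite3 or sqlite-vec still needs a rebuild and a passing `pnpm build` / `pnpm test` before it counts as safe.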

Metadata


Labels: enhancement (New feature or request), security (Security hardening)
