Fix-CVEs : Update dependencies in bun.lock file to latest versions.#261

Open
Devlopali-dev wants to merge 1 commit into VERT-sh:main from Devlopali-dev:fix-CVE

Conversation

@Devlopali-dev

Security: resolve 53 of 58 CVEs

Upgrades and overrides to patch known vulnerabilities across the dependency tree.

Direct updates (bun update):

  • svelte 5.43 → 5.56.3 — fixes 7 SSR XSS CVEs
  • @sveltejs/kit 2.49 → 2.65.1 — fixes DoS / SSRF / memory amplification
  • music-metadata 11.10 → 11.13.0 — fixes infinite loop in ASF parser

Vite 5 → 6.4.3 + @sveltejs/vite-plugin-svelte 4 → 5:

  • Patches path traversal, UNC path disclosure, and optimized deps map handling

Overrides in package.json (transitive deps):

  • rollup ^4.62.0 — arbitrary file write via path traversal
  • esbuild ^0.28.1 — missing binary integrity verification
  • postcss ^8.5.10 — XSS via unescaped </style> in CSS output
  • yaml ^1.10.3 — stack overflow on deeply nested collections
  • cookie ^0.7.0 — out-of-bounds characters in cookie fields
  • glob ^10.5.0 — CLI command injection via -c/--cmd
  • immutable ^5.1.6 — prototype pollution
  • svgo ^4.0.0 — billion laughs DoS via DOCTYPE entity expansion

5 remaining (won't fix): minimatch@9.0.5 ReDoS + brace-expansion@1.1.12 DoS, both deeply nested in eslint/tailwindcss internals.
Input is trusted local filesystem paths — not exploitable. Requires upstream fix in @eslint/eslintrc or glob.
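As an added example, not code from this PR or the VERT-sh project, the following Python script checks that each override listed above was actually honoured by the resolved versions in the lockfile, which is the check a reviewer would want before trusting the "53 of 58" count. It assumes the bun.lock text format (a top-level "packages" object whose values are arrays beginning with "name@version"); the lockfile excerpt, its checksums and the one deliberately stale version are constructed for the demonstration.

```python
"""Check that package.json overrides actually took effect in a lockfile.

Added example (not code from the VERT-sh project or this PR). It assumes
the bun.lock text format: a top-level "packages" object whose values are
arrays beginning with "name@version". The sample lockfile below is
constructed; the override table mirrors the PR description.
"""
import json
import re

# Override floors as listed in the PR description (caret ranges).
OVERRIDES = {
    "rollup": "^4.62.0",
    "esbuild": "^0.28.1",
    "postcss": "^8.5.10",
    "yaml": "^1.10.3",
    "cookie": "^0.7.0",
    "glob": "^10.5.0",
    "immutable": "^5.1.6",
    "svgo": "^4.0.0",
}

# Constructed lockfile excerpt (JSONC, trailing commas allowed).
# "yaml" is deliberately left one patch release below its override.
SAMPLE_LOCK = """{
  "lockfileVersion": 1,
  "packages": {
    "rollup": ["rollup@4.62.0", "", {}, "sha512-CONSTRUCTED"],
    "esbuild": ["esbuild@0.28.1", "", {}, "sha512-CONSTRUCTED"],
    "postcss": ["postcss@8.5.10", "", {}, "sha512-CONSTRUCTED"],
    "yaml": ["yaml@1.10.2", "", {}, "sha512-CONSTRUCTED"],
    "cookie": ["cookie@0.7.2", "", {}, "sha512-CONSTRUCTED"],
    "glob": ["glob@10.5.0", "", {}, "sha512-CONSTRUCTED"],
    "immutable": ["immutable@5.1.6", "", {}, "sha512-CONSTRUCTED"],
    "svgo": ["svgo@4.0.0", "", {}, "sha512-CONSTRUCTED"],
  },
}
"""


def parse_version(v):
    """'1.2.3' -> (1, 2, 3); prerelease and build suffixes are dropped."""
    core = re.match(r"\d+(?:\.\d+){0,2}", v).group(0)
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def caret_range(spec):
    """Return (low, high) for a caret range; high is exclusive.

    Follows npm semantics: ^1.2.3 allows <2.0.0, ^0.2.3 allows <0.3.0,
    ^0.0.3 allows <0.0.4.
    """
    if not spec.startswith("^"):
        raise ValueError("only caret ranges are supported: %r" % spec)
    low = parse_version(spec[1:])
    major, minor, patch = low
    if major > 0:
        high = (major + 1, 0, 0)
    elif minor > 0:
        high = (0, minor + 1, 0)
    else:
        high = (0, 0, patch + 1)
    return low, high


def satisfies(resolved, spec):
    """True if the resolved version lies inside the caret range."""
    low, high = caret_range(spec)
    return low <= parse_version(resolved) < high


def resolved_versions(lock_text):
    """Map package name -> version from a bun.lock-style document.

    Trailing commas (JSONC) are stripped before json.loads.
    """
    cleaned = re.sub(r",(\s*[}\]])", r"\1", lock_text)
    doc = json.loads(cleaned)
    out = {}
    for name, entry in doc["packages"].items():
        # rsplit keeps scoped names such as @sveltejs/kit@2.65.1 intact.
        _pkg, version = entry[0].rsplit("@", 1)
        out[name] = version
    return out


def unmet_overrides(lock_text, overrides):
    """Return {name: (resolved_or_None, spec)} for overrides not honoured."""
    resolved = resolved_versions(lock_text)
    problems = {}
    for name, spec in overrides.items():
        got = resolved.get(name)
        if got is None or not satisfies(got, spec):
            problems[name] = (got, spec)
    return problems


if __name__ == "__main__":
    for name, (got, spec) in unmet_overrides(SAMPLE_LOCK, OVERRIDES).items():
        print("%s resolved to %s, override requires %s" % (name, got, spec))
```

The check is deliberately strict about caret semantics for 0.x packages: `^0.28.1` for esbuild and `^0.7.0` for cookie stay within their minor version, so a lockfile that resolved esbuild to 0.29.x would be flagged rather than silently accepted. A package missing from the lockfile altogether is also reported, since an override on a name that no longer appears in the tree does nothing.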
