chore(deps+security): clear 2026-06-12 CVE backlog + install security stack #110

Open
zeug-zz wants to merge 1 commit into ktmage:development from zeug-zz:chore/security-2026-06-12

zeug-zz commented Jun 11, 2026

Summary

Clears 1 CRITICAL + 10 HIGH + 21 MODERATE dependency CVEs to 0/0/0 across 530 packages, and installs the security stack (Gitleaks + pre-commit + Dependabot + weekly CI + Makefile + SHA-pinned actions).

Why

Routine audit (2026-06-12) found:

  • [email protected] CRITICAL — UI server arbitrary file read+exec when port exposed
  • [email protected] (runtime, ships in VSIX) — 8 XSS-bypass CVEs across marked output sanitization
  • 10 HIGH transitive CVEs in undici, vite, picomatch, lodash, fast-uri, tmp
  • No security CI gate, no pre-commit hooks, no Dependabot, no SHA-pinned actions

Changes

Dependency upgrades (pnpm)

| Package | From | To | Scope |
| --- | --- | --- | --- |
| dompurify | ^3.3.1 | ^3.4.0 | runtime (webview) |
| vitest | ^4.0.18 | ^4.1.8 | devDep |
| vite | ^6.0.0 | ^7.3.5 | devDep |
| @vscode/vsce | ^3.7.1 | ^3.9.2 | devDep |

Added pnpm.overrides in root package.json to force patched versions of undici, picomatch, lodash, fast-uri, postcss, uuid, qs, brace-expansion, tmp — these were locked in by peer dependencies (jsdom, cheerio, fdir) at the old vulnerable versions. The overrides are scoped to clear known CVEs only.

Security stack

  • .gitleaks.toml — allowlist (lockfile, build outputs, self-references)
  • .pre-commit-config.yaml + hook install — gitleaks runs on every commit
  • SECURITY.md — disclosure policy → private GitHub advisories
  • .github/dependabot.yml — weekly pnpm + GitHub Actions PRs, grouped devDep + runtime security
  • .github/workflows/security-audit.yml — on-PR + weekly Monday 06:00 UTC cron, runs Gitleaks + Semgrep + pnpm audit
  • scripts/security/Makefile — make audit-all, make audit-secrets, make audit-code, make audit-deps, make pre-commit-install

CI hardening

Pinned all GitHub Actions in release.yml, test.yml, and the new security-audit.yml to commit SHAs (no tag-only references).

Verification

  • pnpm audit --json → { critical: 0, high: 0, moderate: 0 }
  • pnpm -r build → green (vite 7.3.5, esbuild 0.27.7)
  • gitleaks detect --source . → 0 leaks
  • semgrep scan (110 rules on 27 changed files) → 0 findings
  • Local install of opencodegui-0.5.3.vsix succeeded

Out of scope (follow-up issues)

  • Webview CSP header (defense-in-depth for the post-dompurify window)
  • Add p/owasp-top-ten + p/mcp Semgrep rulesets
  • Next threat report cycle (2026-06-15)

Test plan

  • Wait for fork CI to confirm security-audit.yml gates correctly
  • Upstream CI: confirm test.yml and release.yml pass with the new action SHAs
  • Confirm Dependabot opens its first weekly PR on Monday

Notes

  • I did not touch packages/core/package.json because upstream development does not have vitest in its devDependencies (the original 2026-06-10 audit ran on a state where feat/model-effort-toggle had it, but that was a feature-branch change).
  • The dompurify runtime fix is the highest-impact change in this PR — that one ships inside the VSIX, unlike the rest which are build-time/test-time.

… stack

* dompurify ^3.3.1 -> ^3.4.0 (runtime, 8 XSS-bypass CVEs cleared)
* vitest ^4.0.18 -> ^4.1.8 (devDep CRIT + 3 transitive HIGHs)
* vite ^6.0.0 -> ^7.3.5 (devDep HIGHs)
* @vscode/vsce ^3.7.1 -> ^3.9.2 (transitive chain)
* pnpm.overrides: force patched versions of undici, picomatch,
  lodash, fast-uri, postcss, uuid, qs, brace-expansion, tmp
  (clears remaining transitive devDep CVEs)

pnpm audit: critical 1 -> 0, high 10 -> 0, moderate 21 -> 0 (530 deps).

Add security stack: gitleaks + pre-commit + SECURITY.md + Dependabot +
weekly security-audit CI workflow + Makefile. SHA-pin GitHub Actions.
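
The CI hardening item in the description says every action is pinned to a commit SHA with no tag-only references. The following is an added example, not part of this PR or the project's code, that checks workflow text for `uses:` references still pinned by tag, branch or short SHA. The workflow text, the `example-org/*` action names and the 40-hex SHA are constructed for illustration.

```javascript
// Added example: flag GitHub Actions `uses:` references that are not pinned
// to a full 40-character commit SHA (or, for docker:// images, a sha256 digest).
const FULL_SHA = /^[0-9a-f]{40}$/;

function findUnpinnedActions(workflowText) {
  const findings = [];
  workflowText.split(/\r?\n/).forEach((raw, idx) => {
    // Drop trailing comments such as "# v4" and skip fully commented lines.
    const line = raw.replace(/\s+#.*$/, "");
    const m = line.match(/^\s*(?:-\s*)?uses:\s*["']?([^"'\s]+)["']?\s*$/);
    if (!m) return;
    const ref = m[1];
    if (ref.startsWith("./")) return; // local action, versioned with the repo itself
    if (ref.startsWith("docker://")) {
      if (!/@sha256:[0-9a-f]{64}$/.test(ref)) {
        findings.push({ line: idx + 1, ref, reason: "docker image not pinned by digest" });
      }
      return;
    }
    const at = ref.lastIndexOf("@");
    if (at === -1) {
      findings.push({ line: idx + 1, ref, reason: "no ref given" });
    } else if (!FULL_SHA.test(ref.slice(at + 1))) {
      findings.push({ line: idx + 1, ref, reason: "tag, branch or short SHA" });
    }
  });
  return findings;
}

// Constructed sample workflow; the SHA and example-org actions are hypothetical.
const SAMPLE_WORKFLOW = `
name: security-audit
on: [pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (constructed SHA)
      - uses: actions/setup-node@v4
      - uses: example-org/scan-action@main
      - uses: example-org/other-action@abc1234
      - uses: ./.github/actions/local-step
      # - uses: example-org/disabled@v1
      - name: image step
        uses: docker://alpine:3.20
`;

console.log(findUnpinnedActions(SAMPLE_WORKFLOW));
```

Run as a CI step over each file in `.github/workflows/`, a non-empty result can fail the job so that a later edit cannot reintroduce a tag-only reference.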