fix(deps): resolve 15 Dependabot vulnerability alerts

[hubcio]

Dependabot flagged 16 vulnerabilities across Rust and npm
lockfiles. 15 are resolved here; 1 (astral-tokio-tar, LOW)
awaits an upstream testcontainers release.

Rust (4 alerts): core/bench/dashboard/server had a stale
Cargo.lock from before it joined the workspace. The root
lockfile already had patched versions - the stale file was
just confusing Dependabot. Deleted it.

npm (11 alerts across web/, foreign/node/, examples/node/):
transitive deps devalue, flatted, effect, and minimatch
were pinned below patched versions. Added overrides to
force minimum safe versions and regenerated lockfiles.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.07%. Comparing base (298cd32) to head (4c8b8f0).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #3016      +/-   ##
============================================
- Coverage     72.07%   72.07%   -0.01%     
  Complexity      930      930              
============================================
  Files          1124     1124              
  Lines         93832    93832              
  Branches      71178    71180       +2     
============================================
- Hits          67630    67627       -3     
+ Misses        23633    23621      -12     
- Partials       2569     2584      +15     

Flag	Coverage Δ
node	91.37% <ø> (-0.07%)	⬇️
rust	72.78% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 23 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.