Fix security advisories (nodemailer, vite, follow-redirects, uuid)

[tp-abtion]

Security Fixes

Resolves 6 of 9 open Dependabot alerts via lockfile updates:

Alert	Package	Change	Advisory
#90	nodemailer	8.0.4 → 8.0.7	GHSA-vvjj-xcjg-gr5g (medium)
#85	vite	7.3.1 → 7.3.2	GHSA-v2wj-q39q-566r (high)
#86	vite	7.3.1 → 7.3.2	GHSA-4w7w-66w2-5vf9 (medium)
#87	vite	7.3.1 → 7.3.2	GHSA-p9ff-h696-f583 (high)
#95	follow-redirects	1.15.11 → 1.16.0	GHSA-r4q5-vmmm-2653 (medium)
#97	uuid	removed (bullmq dropped it)	GHSA-w5hq-g745-h8pq (medium)

Remaining alerts (blocked)

• Bump @adonisjs/inertia from 3.1.0 to 3.1.1 #96 — @adonisjs/core (GHSA-6qvv-pj99-48qm): Fix requires core 7.x (major upgrade). The vulnerable code is in @adonisjs/http-server which is already at 8.2.0 (patched) in this project.
• Bump form-data from 4.0.1 to 4.0.2 #83, Bump @babel/types from 7.26.8 to 7.26.9 #84 — lodash-es (GHSA-r5fr-rjxr-66jc): Blocked by edgejs-parser → chevrotain 11 → lodash-es. Tracked in ADVISORIES-ON-HOLD.md.

[gemini-code-assist]

Code Review

This pull request updates several package dependencies in package-lock.json, including bullmq, ioredis, msgpackr, nodemailer, semver, and vite. A notable change is the update of bullmq to version 5.76.5, which now specifies a minimum Node.js engine requirement of 12.22.0 and removes the uuid dependency. I have no feedback to provide.