fix(security): Patch 26 all+ vulnerabilities

[git-steer]

Security Fix

This PR addresses 26 security vulnerabilities.

Vulnerabilities Fixed

CVE	Package	Severity	Fix Version
CVE-2026-54285	@opentelemetry/core	MEDIUM	2.8.0
CVE-2026-48069	@grpc/grpc-js	HIGH	1.14.4
CVE-2026-48068	@grpc/grpc-js	HIGH	1.14.4
CVE-2026-45736	ws	MEDIUM	8.20.1
CVE-2026-45740	protobufjs	MEDIUM	7.5.8
CVE-2026-8723	qs	MEDIUM	6.15.2
CVE-2026-41907	uuid	MEDIUM	11.1.1
CVE-2026-44289	protobufjs	HIGH	7.5.6
CVE-2026-44293	protobufjs	HIGH	7.5.6
CVE-2026-44294	protobufjs	MEDIUM	7.5.6
CVE-2026-44292	protobufjs	MEDIUM	7.5.6
CVE-2026-44290	protobufjs	HIGH	7.5.6
CVE-2026-44291	protobufjs	HIGH	7.5.6
CVE-2026-44288	protobufjs	MEDIUM	7.5.6
CVE-2026-44288	@protobufjs/utf8	MEDIUM	1.1.1
CVE-2026-44902	@opentelemetry/sdk-node	HIGH	0.217.0
CVE-2026-44902	@opentelemetry/sdk-node	HIGH	0.217.0
CVE-2026-44902	@opentelemetry/exporter-prometheus	HIGH	0.217.0
CVE-2026-6322	fast-uri	HIGH	3.1.2
CVE-2026-6321	fast-uri	HIGH	3.1.1
CVE-2026-42338	ip-address	MEDIUM	10.1.1
CVE-2026-41242	protobufjs	CRITICAL	7.5.5
CVE-2026-33672	picomatch	MEDIUM	2.3.2
CVE-2026-4926	path-to-regexp	HIGH	8.4.0
CVE-2026-4923	path-to-regexp	MEDIUM	8.4.0
CVE-2026-30827	express-rate-limit	HIGH	8.2.2

Summary

• Critical: 1 High: 13 Medium: 12 Low: 0

---

Generated by git-steer

[git-steer]

🚦 Functional-integrity gate: NO-GO (ADR-005)

Dimension	Result
BUILD	PASS
TEST	FAIL
SMOKE	NOT_APPLICABLE
SURFACE	NOT_APPLICABLE

Auto-merge withheld — held for human review. A GO verdict is required to auto-merge.