fix(security): patch devalue DoS and h3 request smuggling vulnerabilities

- Update devalue override to >=5.6.2 (fixes memory exhaustion DoS)
- Add h3 override >=1.15.5 (fixes HTTP Request Smuggling TE.TE)
- Update pnpm to v10.28.0

Author: kirii86

package.json

@@ -40,7 +40,8 @@
     "overrides": {
       "path-to-regexp": ">=6.3.0",
       "esbuild": ">=0.25.0",
-      "devalue": ">=5.6.2"
+      "devalue": ">=5.6.2",
+      "h3": ">=1.15.5"
     }
   }
 }