build(deps): patch security vulnerabilities in composer and npm deps
PHP (composer.lock):
- guzzlehttp/guzzle 7.10.0 -> 7.13.1 (CVE-2026-55767, CVE-2026-55568)
- guzzlehttp/psr7 2.9.0 -> 2.12.3 (CVE-2026-55766, CVE-2026-49214, CVE-2026-48998)
- symfony/cache 5.4.46 -> 5.4.53 (CVE-2026-45073 SQL injection)
frontend/admin: npm audit fix (axios, shell-quote, form-data, js-yaml,
esbuild, vite) -> 0 vulnerabilities
frontend/spa: npm audit fix + vitest/@vitest/ui -> 4.1.9 (flatted) ->
0 vulnerabilities
Verified: 299 PHPUnit tests pass, 53 SPA vitest pass, both frontends build.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>