Bump the existing pnpm override for tmp from >=0.2.4 to >=0.2.6 to
cover GHSA-ph9p-34f9-6g65, a path-traversal vulnerability via
unsanitized prefix/postfix in tmp <0.2.6. Surfaced by pnpm ci:audit.
Both consuming paths in the tree (nx and @lhci/cli) still depend on
tmp <0.2.6 at their latest releases, so an upstream upgrade is not
an option. Same override pattern that was already in place for the
prior tmp advisory, with the lower bound widened.
Side effect of pnpm install: @scalar/nestjs-api-reference bumped
1.1.16 -> 1.1.19, both within the existing ^1.1.14 range. Natural
transitive resolution, not a deliberate change.
Risk: patch bump on a tiny library with a stable API; the 0.2.5 and
0.2.6 releases are sanitization-only fixes.