
[Aikido] Fix security issue in devalue via minor version upgrade from 5.7.1 to 5.8.1 #4

Closed

aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-44094428-btau


Conversation

@aikido-autofix aikido-autofix Bot commented Jun 4, 2026

Upgrade devalue to fix HIGH severity DoS vulnerability in sparse array deserialization causing excessive memory consumption.

✅ There are no breaking changes

✅ 1 CVE resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2026-42570 | HIGH | [devalue] devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption. |
🤖 Remediation details

Fix CVE-2026-42570: bump transitive devalue to 5.8.1

Short summary

This PR remediates a high-severity vulnerability in the devalue package by updating its resolved version in package-lock.json. No package.json manifest changes were required. The fix is a lockfile-only transitive update; devalue is pulled in by the direct dependency astro.

devalue

devalue is a transitive dependency of astro (declared as "^5.6.2" by astro@5.18.1). The lockfile was resolving devalue to 5.7.1, which is vulnerable; the patched floor is 5.8.1. Because 5.8.1 satisfies astro's declared range, no manifest edit or override was needed — running npm update devalue --package-lock-only was sufficient to advance the resolved version to 5.8.1 and close the vulnerability.

Version changes

| Package | From | To | Why updated |
|---|---|---|---|
| devalue | 5.7.1 | 5.8.1 | Lockfile-only transitive fix; resolves CVE-2026-42570 within astro's existing ^5.6.2 range |
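
As an added example (not code from this PR, from Aikido, or from the astro or devalue projects), here is a small Node.js script that performs the check the remediation above describes: read the `packages` map of a package-lock.json (lockfile v2/v3 layout), find the resolved version of a transitive package, compare it with a patched floor, and confirm the floor still satisfies the range every dependent declares, which is exactly the condition under which a lockfile-only `npm update <pkg> --package-lock-only` suffices and no manifest edit or override is needed. The lockfile contents, the root package name `example-site`, and the helper names are constructed for this example; the versions 5.7.1 / 5.8.1, the astro@5.18.1 dependent and its `^5.6.2` range are the values stated in the PR description.

```javascript
// Added example (not the PR's, Aikido's, astro's or devalue's own code): audit a
// package-lock.json for the resolved version of a transitive dependency and
// decide whether a lockfile-only update can reach the patched floor.

// Parse "MAJOR.MINOR.PATCH"; pre-release and build suffixes are out of scope here.
function parseSemver(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version string: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator, comparing major, then minor, then patch.
function compareSemver(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret ranges only: "^x.y.z" with x > 0 means >= x.y.z and < (x+1).0.0.
// Any other range shape (or ^0.y.z, which follows different rules) is reported
// as null so the caller treats it as "unknown" rather than "satisfied".
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) return null;
  const floor = range.slice(1);
  const [major] = parseSemver(floor);
  if (major === 0) return null;
  return compareSemver(version, floor) >= 0 && parseSemver(version)[0] === major;
}

// Walk the lockfile's "packages" map (lockfile v2/v3), report the resolved
// version of pkgName, whether it is below the patched floor, and whether every
// dependent's declared range would still admit the floor.
function auditLockfile(lock, pkgName, patchedFloor) {
  const packages = lock.packages || {};
  const entry = packages[`node_modules/${pkgName}`];
  if (!entry) throw new Error(`${pkgName} not found in lockfile`);
  const dependents = [];
  for (const [path, pkg] of Object.entries(packages)) {
    const range = pkg.dependencies && pkg.dependencies[pkgName];
    if (!range) continue;
    // '' is the root project; nested paths keep only the last package name.
    const name = path === '' ? lock.name : path.replace(/^.*node_modules\//, '');
    dependents.push({ name, range, floorSatisfiesRange: satisfiesCaret(range, patchedFloor) });
  }
  return {
    resolved: entry.version,
    vulnerable: compareSemver(entry.version, patchedFloor) < 0,
    lockfileOnlyFixPossible: dependents.every((d) => d.floorSatisfiesRange === true),
    dependents,
  };
}

// Constructed sample lockfile mirroring the situation in the PR: astro@5.18.1
// declares devalue "^5.6.2" and the lockfile currently resolves devalue to 5.7.1.
const SAMPLE_LOCK = {
  name: 'example-site',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-site', dependencies: { astro: '^5.18.1' } },
    'node_modules/astro': { version: '5.18.1', dependencies: { devalue: '^5.6.2' } },
    'node_modules/devalue': { version: '5.7.1' },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, 'devalue', '5.8.1'), null, 2));
```

For a real repository, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; if `lockfileOnlyFixPossible` is false for some dependent, that dependent's range excludes the patched version and a manifest change or an override is needed instead of the lockfile-only update.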

@aikido-autofix

Author

Closed by Aikido: a new AutoFix has been created → #6

@aikido-autofix aikido-autofix Bot closed this Jun 14, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-44094428-btau branch June 14, 2026 00:24