Bump vite to 6.4.2 to fix CVE GHSA-4w7w-66w2-5vf9 and GHSA-p9ff-h696-f583

Fixes arbitrary file read via dev server WebSocket and path traversal
in optimized deps .map handling.

Author: DeusData

graph-ui/package-lock.json

@@ -36,7 +36,7 @@
     "jsdom": "^25.0.0",
     "tailwindcss": "^4.1.0",
     "typescript": "^5.7.0",
-    "vite": "^6.0.0",
+    "vite": "^6.4.2",
     "vitest": "^3.0.0"
   }
 }