Refresh web sample and template lockfiles onto a non-vulnerable Vite line

After the bridge DX and test-host fixes, CI was still blocked by the
npm dependency governance gate. The affected sample/template web
workspaces were resolving vulnerable Vite versions in lockfiles even
though the current DX direction expects these workspaces to be safe for
first-run and documentation-driven adoption.

This change lifts the sample/template web apps onto a safe Vite range
and refreshes the corresponding lockfiles so the governance scan sees
a clean high/critical vulnerability surface.

Constraint: Keep the change limited to the governed sample/template web workspaces and their lockfiles so the dependency-governance signal stays precise
Constraint: Preserve the current app-builder DX story without introducing a larger frontend-toolchain migration
Rejected: Downgrade the dependency vulnerability gate | the gate is correctly identifying a real adoption risk in shipped sample/template apps
Rejected: Patch only package.json without refreshing lockfiles | CI audits the resolved dependency graph, not just the declared range
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When bumping frontend tooling for governed sample/template apps, update both declared ranges and lockfiles together or CI governance will keep failing
Tested: `npm audit --json --audit-level=high` on governed sample web workspaces (no high/critical findings)
Tested: `./build.sh --target DependencyVulnerabilityGovernance` (succeeded)
Tested: `dotnet test tests/Agibuild.Fulora.UnitTests/Agibuild.Fulora.UnitTests.csproj --configuration Release -v minimal` (2177 passed)
Not-tested: Fresh GitHub Actions status for this dependency-governance follow-up until remote CI completes
Related: 95c22d0

Author: Hongwei-MB

samples/avalonia-ai-chat/AvaloniAiChat.Web/package-lock.json

@@ -20,7 +20,7 @@
     "@vitejs/plugin-react": "^5.1.4",
     "tailwindcss": "^4.1.18",
     "typescript": "^5.9.3",
-    "vite": "^6.4.1"
+    "vite": "^6.4.2"
   },
   "overrides": {
     "picomatch": "^4.0.4"

samples/avalonia-ai-chat/AvaloniAiChat.Web/package.json

@@ -22,7 +22,7 @@
     "@vitejs/plugin-react": "^5.1.4",
     "tailwindcss": "^4.1.18",
     "typescript": "^5.9.3",
-    "vite": "^6.4.1"
+    "vite": "^6.4.2"
   },
   "overrides": {
     "rollup": "^4.59.0",

samples/avalonia-react/AvaloniReact.Web/package-lock.json

@@ -19,7 +19,7 @@
     "@vitejs/plugin-vue": "^5.2.1",
     "tailwindcss": "^4.1.18",
     "typescript": "^5.9.3",
-    "vite": "^6.4.1",
+    "vite": "^6.4.2",
     "vue-tsc": "^2.2.0"
   },
   "overrides": {

samples/avalonia-react/AvaloniReact.Web/package.json

@@ -18,7 +18,7 @@
     "@types/react-dom": "^19.2.0",
     "@vitejs/plugin-react": "^4.3.0",
     "typescript": "^5.9.3",
-    "vite": "^6.0.0"
+    "vite": "^6.4.2"
   },
   "overrides": {
     "picomatch": "^4.0.4"

samples/avalonia-vue/AvaloniVue.Web/package-lock.json

@@ -18,6 +18,6 @@
     "@types/react-dom": "^19.2.3",
     "@vitejs/plugin-react": "^5.1.4",
     "typescript": "^5.9.3",
-    "vite": "^6.4.1"
+    "vite": "^6.4.2"
   }
 }