chore: safe dependency upgrades (@types/node, @types/supertest, @types/shelljs, @types/multer, multer, glob)

[pyramation]

Summary

Upgrades low-risk dev-only type packages and two minor runtime dependencies across the monorepo, aligning @types/node to the team's Node 22 target.

Package	From	To	Scope	Workspaces
@types/node	^18.19.69 / ^20.12.7 / ^20.19.27 / ^22.19.1	^22.19.11	devDependency	22 packages
@types/supertest	^6.0.2 / ^6.0.3	^7.2.0	devDependency	graphql/server-test, jobs/knative-job-service
@types/shelljs	^0.8.16	^0.10.0	devDependency	packages/cli, pgpm/cli
@types/multer	^1.4.12	^2.0.0	devDependency	graphql/server
multer	^2.0.1	^2.1.0	dependency	graphql/server
glob	^13.0.0	^13.0.6	devDependency	packages/cli

pnpm build passes locally. The lockfile also cleaned up some transitive deps (multer@2.1.0 dropped mkdirp@0.5.6, object-assign, xtend; undici-types consolidated from 3 versions to 2).

Review & Testing Checklist for Human

• uploads/s3-utils: @types/node jumped from ^18.x to ^22.x — largest type leap in this PR. Verify S3 upload code still compiles cleanly and Node stream/buffer types haven't shifted in a way that causes subtle issues at runtime
• graphql/server multer usage: @types/multer is a major bump (1.x → 2.x). Verify that Multer.File type, middleware signatures, and file upload handling still match expectations. The runtime multer bump is only minor (2.0 → 2.1), but the type change could surface new strictness
• CLI packages (packages/cli, pgpm/cli): @types/shelljs bump to 0.10.0 — verify shelljs command usage (e.g., shell.exec, shell.cd) still has correct types
• Test compilation: Run test suites for graphql/server-test and jobs/knative-job-service to ensure @types/supertest 7.x doesn't break test type inference

Recommended test plan: Run the full test suite (pnpm test) to catch any type-level issues that may not surface during build. Spot-check file upload flows in local dev to ensure multer behavior is unchanged.

Notes

• Build passed locally with pnpm build
• All changes are either dev-only type packages or patch/minor bumps
• CI not yet verified — waiting for checks to complete

Requested by: @pyramation
Link to Devin Session

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring