fix(security): override rollup to >=4.59.0 to address GHSA-mw96-cpmx-2vgc (#147)

Merged: cswkim merged 2 commits into main from fix/GHSA-mw96-cpmx-2vgc on Feb 27, 2026

Conversation

@cswkim (Owner) commented Feb 27, 2026

Description

This PR adds a pnpm override to force rollup to >=4.59.0, ensuring the build tooling uses a patched version that fixes the arbitrary file write via path traversal vulnerability described in GHSA-mw96-cpmx-2vgc. This is needed to prevent crafted Rollup inputs or plugins from writing files outside the intended output directory and potentially achieving code execution on the build host.

Checklist

  • It's useful if your PR references an issue where it is discussed ahead of time
  • Adhere to semantic messaging and prefix your PR title with feat:, fix:, chore:, docs:, etc.
  • I’ve added tests if needed
  • I’ve updated documentation if applicable
  • I’ve tested this locally
  • Add a changeset (pnpm changeset) if necessary

Tests and linting

  • Run the tests with pnpm test.
  • Run the lint check with pnpm lint.
  • Run the code formatting (prettier) check with pnpm format.
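One check a maintainer might run after merging an override like this one, written here as an added example that is not part of the PR or the discogs-mcp-server project: scan pnpm-lock.yaml for every resolved rollup version and flag any still below 4.59.0, since an override only takes effect once the lockfile has been regenerated. The lockfile excerpt is constructed, and the assumed key format is that of pnpm lockfile v9 (`rollup@x.y.z:` entries under `packages:`).

```javascript
// Added example, not code from PR #147 or the discogs-mcp-server project:
// verify that every rollup version resolved in pnpm-lock.yaml meets the floor
// the override sets (an override only bites once the lockfile is regenerated).
// Key format `rollup@4.40.0:` under `packages:` (pnpm lockfile v9) is our assumption.
const MIN_ROLLUP = "4.59.0"; // lower bound of the PR's ">=4.59.0" override

// Parse "major.minor.patch"; a pre-release suffix is deliberately ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Every distinct rollup version keyed in the lockfile. Native-binary keys such as
// '@rollup/rollup-linux-x64-gnu@4.58.0' do not match the pattern and are skipped.
function resolvedRollupVersions(lockfileText) {
  const re = /^\s{2}'?rollup@(\d+\.\d+\.\d+[^':\s]*)'?:/;
  const found = new Set();
  for (const line of lockfileText.split("\n")) {
    const m = re.exec(line);
    if (m) found.add(m[1]);
  }
  return [...found];
}

// Versions still below the floor; an empty result means the override took effect everywhere.
function rollupVersionsBelow(lockfileText, min = MIN_ROLLUP) {
  return resolvedRollupVersions(lockfileText).filter((v) => compareVersions(v, min) < 0);
}

// Constructed lockfile excerpt: one stale copy of rollup beside the patched one.
const SAMPLE_LOCK = `lockfileVersion: '9.0'
packages:
  '@rollup/rollup-linux-x64-gnu@4.58.0':
    resolution: {integrity: sha512-PLACEHOLDER}
  rollup@4.58.0:
    resolution: {integrity: sha512-PLACEHOLDER}
  rollup@4.59.0:
    resolution: {integrity: sha512-PLACEHOLDER}
`;

const stale = rollupVersionsBelow(SAMPLE_LOCK);
console.log(stale.length ? `rollup below ${MIN_ROLLUP}: ${stale.join(", ")}` : "all rollup copies meet the floor");
```

Point the same scan at a real lockfile by reading it with fs.readFileSync instead of SAMPLE_LOCK; a non-empty result means pnpm install still needs to be rerun against the new override.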

@changeset-bot (bot) commented Feb 27, 2026

🦋 Changeset detected

Latest commit: 5758acd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package:

Name                 Type
discogs-mcp-server   Patch


@cswkim cswkim merged commit 32c2558 into main Feb 27, 2026
1 check passed
@cswkim cswkim deleted the fix/GHSA-mw96-cpmx-2vgc branch February 27, 2026 15:39