deps: upgrade @coinbase/x402 to >=0.5.2 for security fix

[soinclined]

deps: upgrade @coinbase/x402 to >=0.5.2 for security fix

Summary

Upgraded the @coinbase/x402 dependency from ^0.4.3 to >=0.5.2 to address a Dependabot security vulnerability. The package manager resolved this to version 0.6.3, which includes the necessary security fixes.

Key changes:

• Updated dependency version constraint in server/package.json
• Package manager upgraded from 0.4.3 → 0.6.3 (satisfies >=0.5.2 requirement)
• Added new Solana-related transitive dependencies as part of the x402 upgrade
• Lock file updated with new dependency tree

The worldstore-agent server uses a custom x402 middleware implementation that doesn't directly import the @coinbase/x402 package, which reduces the risk of breaking changes from this upgrade.

Review & Testing Checklist for Human

Risk Level: 🟡 Medium (security dependency upgrade with significant version jump)

• Verify x402 payment flow works end-to-end - Test creating an order with x402 payment protocol to ensure the upgrade didn't break payment processing
• Check for API behavior changes - Verify that the /api/orders endpoint responses and x402 middleware behavior remain consistent
• Confirm security vulnerability is resolved - Validate that the upgrade addresses the specific Dependabot security issue that triggered this change

Notes

• Build passes successfully after upgrade ✅
• Pre-existing lint issues unrelated to this change (137 problems in agent workspace)
• No tests configured in repository currently
• Version jump from 0.4.3 → 0.6.3 brought in additional Solana-related dependencies
• Custom x402 middleware in server doesn't directly import the package, reducing breaking change risk

Link to Devin run: https://app.devin.ai/sessions/cd0e02d6500f440f88d82279541817a8
Requested by: @soinclined

[devin-ai-integration]

Original prompt from Penelope

@Devin

my dependabot is failing to make a PR. are you able to do:
pgrade vite to version 5.4.20 or later. For example:

"dependencies": {
  "vite": ">=5.4.20"
}
"devDependencies": {
  "vite": ">=5.4.20"
}

Regarding:
Vite middleware may serve files starting with the same name with the public directory #350
Thread URL: https://crossmint.slack.com/archives/D085XE0EXDZ/p1757947000692009?thread_ts=1757947000.692009

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring