chore(deps): bump @e4a/pg-js to ^1.5.0

[rubenhensen]

DevDependency only — pg-js is listed for type info that the markdown code samples reference, not imported at runtime by VitePress. The bump itself is mechanical: install resolves cleanly to 1.5.0 and `docs:build` produces the same site.

Picks up encryption4all/postguard-js#52 (resumable downloads) and #47 (chunk PUT retry/backoff) so any future SDK type imports in `.vitepress/` pick up the latest shapes.

The code snippets under `docs/sdk/` and `docs/repos/` are pinned to specific commit hashes from the source repos per the project conventions in `CLAUDE.md`, so they update independently of this dep bump.

Test plan

• `npm install` — resolves to 1.5.0
• `npm run docs:build` — site builds clean (the 500 kB chunk-size warning is pre-existing, mermaid-related, unrelated to pg-js)

[rubenhensen]

/dobby please review this dependency bump

[dobby-coder]

Dobby is on it! Dobby will pull the branch, install fresh, run the docs build, and post a review with the findings. 🧣

[dobby-coder]

Pulled the branch, ran a fresh install, and built the site.

Verified

• package.json: @e4a/pg-js moved from ^1.3.0 to ^1.5.0 — devDependency, unchanged position.
• package-lock.json: resolves to 1.5.0 cleanly; no other dependency churn.
• npm install: completes without errors. The 4 moderate npm audit findings (esbuild → vite → vitepress chain) are pre-existing on main and unrelated to this bump.
• npm run docs:build: succeeds in ~5s. The 500 kB chunk-size warning is the known mermaid chunk and matches main.

Runtime impact

• Grepped docs/.vitepress/config.mts and docs/.vitepress/theme/ for any @e4a/pg-js import — none. The package is referenced only in markdown code samples under docs/sdk/ and docs/repos/, which are pinned to source-repo commit hashes per the project conventions in CLAUDE.md. So this bump has no effect on the rendered site; it only updates the type info available to the workspace.

Notes

• PR body accurately describes the change; the pg-js PRs it references (resumable downloads, chunk PUT retry/backoff) are forward-compatible.
• No code under .vitepress/ calls into @e4a/pg-js types today, so there is no surface for a breaking-type regression here.

Looks good to merge once CI is green.

[rubenhensen]

Thanks @dobby-coder for the approval. Pre-existing npm audit findings in the esbuild→vite→vitepress chain are out of scope for this devDependency-only bump.

[rubenhensen]

@rubenhensen all dobby checks green — ready for your review and merge when you've run the manual smoke tests called out in the test plan.