fix: use pnpm.overrides to enforce undici >=6.23.0

The top-level `overrides` field is npm syntax; pnpm requires
`pnpm.overrides`. This change ensures undici 5.x (vulnerable to
unbounded decompression, CVE) is not resolved as a transitive dep.

Author: finalerock44

package.json

@@ -25,8 +25,10 @@
     "@vercel/ncc": "^0.38.4",
     "typescript": "^5.9.3"
   },
-  "overrides": {
-    "undici": ">=6.23.0"
+  "pnpm": {
+    "overrides": {
+      "undici": ">=6.23.0"
+    }
   },
   "packageManager": "pnpm@10.29.3"
 }