Add pnpm dependency overrides for security vulnerabilities (#3)

* fix: resolve socket.dev security warnings via pnpm overrides

Add pnpm.overrides to force patched versions of vulnerable transitive
dependencies: fast-xml-parser, node-forge, undici, tar, minimatch,
picomatch, and brace-expansion.

https://claude.ai/code/session_01YLnaP1E1tMzpnACcD3A6nN

* fix: use bounded same-major overrides for transitive dependency CVEs

The previous unbounded overrides caused CI failures:
- minimatch v10 broke test-exclude@6 (removed default export)
- undici v7 raised Node minimum to >=20.18.1 (breaks Node 18)
- brace-expansion v5 broke minimatch@5 (different API)

Use bounded version ranges (e.g. ">=3.1.5 <4") to keep each
consumer on its compatible major line while bumping to patched versions.
Remove brace-expansion override as no same-major fix exists.

https://claude.ai/code/session_01YLnaP1E1tMzpnACcD3A6nN

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: yosriady

package.json

@@ -106,6 +106,21 @@
     "react-native-device-info": "^14.0.0",
     "typescript": "^5.7.3"
   },
+  "pnpm": {
+    "overrides": {
+      "fast-xml-parser": ">=4.5.5",
+      "node-forge": ">=1.4.0",
+      "undici": ">=6.24.1 <7",
+      "tar": ">=7.5.13",
+      "minimatch@3": ">=3.1.5 <4",
+      "minimatch@5": ">=5.1.9 <6",
+      "minimatch@9": ">=9.0.9 <10",
+      "minimatch@10": ">=10.2.4",
+      "picomatch@2": ">=2.3.2 <3",
+      "picomatch@3": ">=3.0.2 <4",
+      "picomatch@4": ">=4.0.4"
+    }
+  },
   "react-native-builder-bob": {
     "source": "src",
     "output": "lib",