fix(deps): resolve Dependabot security alerts

Bump direct dependencies:
- dompurify: 3.3.2 -> 3.4.0 (8 medium alerts: #291-#298)
- js-cookie: ^3.0.5 -> ^3.0.7 (1 high alert: #325)

Update pnpm overrides for transitive dependencies:
- dompurify: 3.3.2 -> 3.4.0 (force transitive consumers to patched version)
- fast-xml-parser: ^5.5.7 -> ^5.7.0 (1 high: #303, 1 medium: #300)
- postcss: add ^8.5.10 override (1 medium: #301, next.js bundles 8.4.31)
- uuid: add ^11.1.1 override (1 medium: #324, no 9.x/8.x patch exists)

Lockfile updates via pnpm update:
- vite: 7.3.1 -> 7.3.5 (2 high: #287-#288, 1 medium: #289)
- picomatch: 2.3.1 -> 2.3.2, 4.0.3 -> 4.0.4 (2 high: #279-#280, 2 medium: #281-#282)
- brace-expansion: 2.0.2 -> 2.1.1 (1 medium: #284)
- yaml: 1.10.2 -> 1.10.3, 2.8.2 -> 2.9.0 (2 medium: #277-#278)

Cleanup:
- Remove @types/dompurify from devDependencies and overrides
  (dompurify 3.x ships its own types; @types/dompurify is deprecated)

Author: Shannon Anahata

package.json

@@ -67,7 +67,7 @@
     "@types/mdx": "^2.0.9",
     "algoliasearch": "^4.23.3",
     "classnames": "^2.5.1",
-    "dompurify": "3.3.2",
+    "dompurify": "3.4.0",
     "esbuild": "^0.25.0",
     "framer-motion": "^10.12.16",
     "github-slugger": "^2.0.0",
@@ -78,7 +78,7 @@
     "hast-util-to-string": "^3.0.1",
     "hastscript": "^8.0.0",
     "image-size": "^1.2.1",
-    "js-cookie": "^3.0.5",
+    "js-cookie": "^3.0.7",
     "js-yaml": "^4.1.0",
     "match-sorter": "^6.3.4",
     "mdast-util-from-markdown": "^2.0.2",
@@ -136,7 +136,6 @@
     "@spotlightjs/spotlight": "^2.5.0",
     "@tailwindcss/forms": "^0.5.7",
     "@tailwindcss/typography": "^0.5.10",
-    "@types/dompurify": "3.0.5",
     "@types/hast": "^3.0.4",
     "@types/mdast": "^4.0.4",
     "@types/node": "^22",
@@ -171,15 +170,16 @@
   },
   "pnpm": {
     "overrides": {
-      "dompurify": "3.3.2",
-      "@types/dompurify": "3.0.5",
+      "dompurify": "3.4.0",
       "@types/node": "^22",
       "immutable": "^5.1.5",
       "flatted": "^3.4.2",
       "rollup": "^4.59.0",
-      "fast-xml-parser": "^5.5.7",
+      "fast-xml-parser": "^5.7.0",
       "undici": "^6.24.0",
-      "minimatch": "^9.0.0"
+      "minimatch": "^9.0.0",
+      "postcss": "^8.5.10",
+      "uuid": "^11.1.1"
     },
     "onlyBuiltDependencies": [
       "@parcel/watcher",