chore(deps): bump @xmldom/xmldom to fix XML injection #5952

Merged
antonis merged 1 commit into main from antonis/bump-xmldom
Apr 2, 2026

antonis commented Apr 2, 2026

Scoped resolutions to patch @xmldom/xmldom XML injection via unsafe CDATA serialization:

  • 0.8.x consumers (expo/plist, plist, appium-chromedriver): → 0.8.12
  • 0.9.x consumers (appium-ios-remotexpc, appium-ios-simulator): → 0.9.9

Dev-only dependencies.

https://github.com/getsentry/sentry-react-native/security/dependabot/488
https://github.com/getsentry/sentry-react-native/security/dependabot/489

Scoped resolutions to patch @xmldom/xmldom:
- 0.8.x consumers: 0.8.10 → 0.8.12
- 0.9.x consumers: 0.9.0/0.9.8 → 0.9.9

Also updates existing appium-chromedriver xmldom pin from 0.8.10 to 0.8.12.

https://github.com/getsentry/sentry-react-native/security/dependabot/488
https://github.com/getsentry/sentry-react-native/security/dependabot/489

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
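
One way to confirm that a bump like this took effect, added here as an example (not code from this PR or from the sentry-react-native repository): it scans lockfile text for every resolved @xmldom/xmldom entry and flags any below the patched versions named in the description (0.8.12 and 0.9.9). The lockfile sample, the function names and the Yarn-style `version` field layout are assumptions made for illustration.

```javascript
// Added example. Patched floors (patch number per release line) come from the PR description.
const PATCHED_FLOORS = { '0.8': 12, '0.9': 9 };

// Constructed sample in Yarn lockfile style; not the project's real yarn.lock.
const SAMPLE_LOCK = `
"@xmldom/xmldom@npm:^0.8.8, @xmldom/xmldom@npm:~0.8.4":
  version: 0.8.10

"@xmldom/xmldom@npm:^0.9.5":
  version: 0.9.9

"plist@npm:^3.0.5":
  version: 3.1.0
  dependencies:
    "@xmldom/xmldom": ^0.8.8
`;

// Collect every top-level entry that resolves @xmldom/xmldom. Assumption: entries start
// at column 0 and carry an indented `version: 1.2.3` or `version "1.2.3"` field.
function parseXmldomEntries(lockText) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      const isXmldom = line.split(',').some((d) => /^\s*"?@xmldom\/xmldom@/.test(d));
      current = isXmldom ? { key: line.replace(/["\s]|:$/g, ''), version: null } : null;
      if (current) entries.push(current);
    } else if (current && current.version === null) {
      const m = line.match(/^\s+version:?\s+"?(\d+\.\d+\.\d+)"?\s*$/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Return entries still below the patched floor. Entries with an unparseable version
// or on a release line the PR does not mention are flagged for manual review.
function findUnpatched(lockText) {
  return parseXmldomEntries(lockText).filter(({ version }) => {
    if (!version) return true;
    const [major, minor, patch] = version.split('.').map(Number);
    const floor = PATCHED_FLOORS[`${major}.${minor}`];
    return floor === undefined || patch < floor;
  });
}

console.log(findUnpatched(SAMPLE_LOCK));
```

Because the 0.8.x and 0.9.x lines are resolved separately, the check compares each entry against the floor for its own release line rather than a single minimum version.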

github-actions bot commented Apr 2, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump @xmldom/xmldom to fix XML injection by antonis in #5952
  • feat(core): Add Sentry.appLoaded() API to signal app start end by alwx in #5940
  • chore: Update validate-pr workflow by stephanie-anderson in #5948
  • fix(tracing): Fix inflated http.client span durations caused by iOS inactive timer delay by antonis in #5944
  • feat(core): Add frames.delay data from native SDKs by antonis in #5907
  • docs(core): Add changelog for supabase PostgREST nullish response fix by antonis in #5939
  • chore(deps): update JavaScript SDK to v10.47.0 by github-actions in #5938
  • chore(core): Deprecate FeedbackButton FAB APIs by antonis in #5933
  • Fix: Disable global prettier by lucas-zimerman in #5937
  • refactor(core): Rename FeedbackWidget to FeedbackForm by antonis in #5931
  • refactor(core): Extract playground modal styles to separate file by antonis in #5927
  • fix(ci): Avoid unnecessary runner allocation by splitting platform matrix into separate jobs by alwx in #5924
  • feat(core): Track shake to report integration usage by antonis in #5929
  • chore(deps): update CLI to v3.3.5 by github-actions in #5925
  • chore: Replace prettier with oxfmt by antonis in #5880
  • chore(deps): bump brace-expansion to ^5.0.5 by antonis in #5920
  • chore(deps): bump path-to-regexp to ^8.4.0 by antonis in #5919
  • chore: Migrate from ESLint to oxlint by antonis in #5867
  • chore(deps): bump yaml to ^2.8.3 by antonis in #5921
  • chore(deps): bump activesupport to >= 7.2.3.1 by antonis in #5922
  • fix(ci): Update validate-pr action to remove draft enforcement by stephanie-anderson in #5923
  • chore(deps): bump actions/checkout from 4 to 6 by dependabot in #5916
  • chore(deps): bump getsentry/craft from 2.25.0 to 2.25.2 by dependabot in #5918
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.25.0 to 2.25.2 by dependabot in #5914

Plus 13 more


🤖 This preview updates automatically when you update the PR.


github-actions bot commented Apr 2, 2026

Fails
🚫 Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

Generated by 🚫 dangerJS against 45e0262

antonis marked this pull request as ready for review April 2, 2026 09:50

lucas-zimerman left a comment

LGTM!

antonis merged commit 677436f into main Apr 2, 2026
52 of 57 checks passed
antonis deleted the antonis/bump-xmldom branch April 2, 2026 11:08