chore(deps): patch devalue + yaml in docs site

Resolves dependabot alerts:
- devalue prototype pollution (CVE-2026-42570, high)
- yaml stack overflow on deeply nested collections (GHSA-48c2-rrv3-qjmp, moderate)

yaml is a deep transitive of @astrojs/check (via @astrojs/language-server
→ volar-service-yaml → yaml-language-server). Pinned via package.json
overrides to bypass the unpatched upstream chain. devalue patched
transitively via astro upgrade.

Author: felixgeelhaar