fix(security): override dompurify >=3.4.11, jsdom>undici >=7.28.0 (#2323)

* fix(security): override dompurify >=3.4.11, jsdom>undici >=7.28.0 (GHSA-cmwh-pvxp-8882, GHSA-vmh5-mc38-953g, GHSA-pr7r-676h-xcf6)

* fix(security): constrain jsdom>undici to <8 to avoid breaking file layout change

undici 8.x removed lib/handler/wrap-handler.js which jsdom@29 requires,
causing all vitest workers to crash with MODULE_NOT_FOUND.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Eleftheria Stein-Kousathana <eleftheria@stacklok.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

Author: 4 people

pnpm-lock.yaml

@@ -44,7 +44,7 @@ overrides:
   lodash-es: '>=4.18.0'
   mermaid: '>=11.15.0'
   '@babel/core': '>=7.29.6 <8.0.0'
-  dompurify: '>=3.4.9'
+  dompurify: '>=3.4.11'
   js-yaml: '>=4.2.0'
   '@opentelemetry/core': '>=2.8.0'
   tar: '>=7.5.16'
@@ -54,6 +54,7 @@ overrides:
   '@tootallnate/once': '>=3.0.1'
   serialize-javascript: '>=7.0.5'
   uuid: '>=14.0.0'
+  'jsdom>undici': '>=7.28.0 <8'
   brace-expansion@>=4.0.0 <5.0.5: 5.0.6
   brace-expansion@>=2.0.0 <2.0.3: 2.1.1
   brace-expansion@<1.1.13: 1.1.15