
fix(deps): resolve compliance vulnerabilities#8495

Merged
darcyYe merged 2 commits into master from yemq-fix-compliance-vulnerabilities on Mar 17, 2026

Conversation


@darcyYe darcyYe commented Mar 17, 2026

Summary

Resolve the current compliance-related dependency vulnerabilities reported by GitHub Dependabot.

  • Add bounded pnpm.overrides for @tootallnate/once, immutable, and flatted
  • Tighten existing overrides for dompurify and tar to patched compatible ranges instead of open-ended >= ranges
  • Regenerate pnpm-lock.yaml so the dependency graph resolves to patched versions:
    dompurify@3.3.3, @tootallnate/once@3.0.1, tar@7.5.11, immutable@4.3.8, flatted@3.4.1
  • Confirm pnpm audit reports no known vulnerabilities locally

Testing

Tested locally

Checklist

  • .changeset
  • unit tests
  • integration tests
  • necessary TSDoc comments
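The first two bullets of the description turn on one detail: an override written as an open-ended `>=` range has no upper bound, so it also admits any future major release, whereas a caret range stays within the patched line. The script below is an added example, not code from this PR or from the project, that lints a `pnpm.overrides` map for open-ended `>=` ranges, proposes a caret range with the same floor, and checks that the resolved versions still satisfy the bounded ranges. The values in `sampleOverrides` are constructed for illustration (the page shows the override package names but not the ranges themselves); the resolved versions in `resolved` are the ones listed in the description.

```javascript
// Added example, not the project's own code: audit a pnpm.overrides map for
// open-ended ">=" ranges and verify resolved versions against bounded ranges.

// Constructed sample: the PR's real override ranges are not shown on the page.
const sampleOverrides = {
  dompurify: '>=3.3.3',
  tar: '>=7.5.11',
  '@tootallnate/once': '^3.0.1',
  immutable: '^4.3.8',
  flatted: '^3.4.1',
};

// Resolved versions as listed in the PR description.
const resolved = {
  dompurify: '3.3.3',
  '@tootallnate/once': '3.0.1',
  tar: '7.5.11',
  immutable: '4.3.8',
  flatted: '3.4.1',
};

const OPEN_ENDED = /^>=\s*v?(\d+\.\d+\.\d+)$/; // ">=x.y.z": floor only, no ceiling
const CARET = /^\^v?(\d+\.\d+\.\d+)$/;        // "^x.y.z": floor plus a major-version ceiling

function parseVersion(v) {
  return v.split('.').map(Number);
}

// Returns -1, 0 or 1 comparing two x.y.z versions numerically.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret semantics: for x.y.z with x > 0 the major must match; for 0.y.z the
// minor must match as well. In both cases the version must be >= the floor.
function satisfiesCaret(version, range) {
  const m = CARET.exec(range.trim());
  if (!m) return false;
  const floor = m[1];
  if (compareVersions(version, floor) < 0) return false;
  const [fMajor, fMinor] = parseVersion(floor);
  const [vMajor, vMinor] = parseVersion(version);
  if (fMajor > 0) return vMajor === fMajor;
  return vMajor === 0 && vMinor === fMinor;
}

// Handles the two range shapes this example cares about.
function satisfies(version, range) {
  const ge = OPEN_ENDED.exec(range.trim());
  if (ge) return compareVersions(version, ge[1]) >= 0; // no upper bound at all
  return satisfiesCaret(version, range);
}

// Flag every override that is an open-ended ">=" range and suggest a caret range
// with the same floor (the patched version the override was meant to enforce).
function auditOverrides(overrides) {
  const findings = [];
  for (const [name, range] of Object.entries(overrides)) {
    const m = OPEN_ENDED.exec(range.trim());
    if (m) findings.push({ name, range, suggested: `^${m[1]}` });
  }
  return findings;
}

// Return a copy of the map with the flagged ranges replaced by the suggestions.
function tightenOverrides(overrides) {
  const out = { ...overrides };
  for (const f of auditOverrides(overrides)) out[f.name] = f.suggested;
  return out;
}

// Check that each override has a resolved version and that it falls in range.
function checkResolved(overrides, resolvedVersions) {
  const problems = [];
  for (const [name, range] of Object.entries(overrides)) {
    const v = resolvedVersions[name];
    if (!v) { problems.push(`${name}: not resolved in lockfile`); continue; }
    if (!satisfies(v, range)) problems.push(`${name}@${v} does not satisfy ${range}`);
  }
  return problems;
}

const demoFindings = auditOverrides(sampleOverrides);
const demoTightened = tightenOverrides(sampleOverrides);
console.log('open-ended overrides:', demoFindings);
console.log('problems after tightening:', checkResolved(demoTightened, resolved));
```

Running it prints the two open-ended entries (`dompurify` and `tar`) with their suggested caret ranges and an empty problem list for the tightened map, since every resolved version in the description is exactly the floor of its range. The `satisfies` helper also makes the difference concrete: a hypothetical `99.0.0` passes `>=3.3.3` but fails `^3.3.3`.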

Copilot AI review requested due to automatic review settings March 17, 2026 05:07
@github-actions

COMPARE TO master

Total Size Diff 📈 +346 Bytes

Diff by File
Name Diff
package.json 📈 +129 Bytes
pnpm-lock.yaml 📈 +217 Bytes


Copilot AI left a comment


Pull request overview

This PR updates the workspace’s pnpm.overrides and regenerates pnpm-lock.yaml to ensure vulnerable transitive dependencies resolve to patched versions, addressing Dependabot/GitHub compliance vulnerability reports.

Changes:

  • Tighten existing overrides for dompurify and tar to patched compatible ranges.
  • Add new overrides for @tootallnate/once, immutable, and flatted.
  • Regenerate pnpm-lock.yaml so the resolved graph uses patched releases.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
package.json Updates pnpm.overrides to enforce patched dependency ranges.
pnpm-lock.yaml Regenerates lockfile to resolve patched versions and reflect new override rules.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported


@darcyYe darcyYe enabled auto-merge (squash) March 17, 2026 07:29
@darcyYe darcyYe merged commit 3235e3e into master Mar 17, 2026
44 of 45 checks passed
@darcyYe darcyYe deleted the yemq-fix-compliance-vulnerabilities branch March 17, 2026 09:45

3 participants