
fix(docs): resolve 7 high-severity npm dependency vulnerabilities #1047

Open
jeff-at-trimble wants to merge 1 commit into Cysharp:main from trimble-oss:fix/docs-npm-security-updates

Conversation

@jeff-at-trimble
Contributor

Summary

This PR fixes 7 high-severity vulnerabilities in the docs/ site's npm dependency tree, detected via GitHub Dependabot.

Vulnerabilities Resolved

| Package | Severity | CVE / Advisory | Patched In | Issue |
|---|---|---|---|---|
| minimatch | High | CVE-2026-26996 | >= 3.1.3 | ReDoS via repeated wildcards |
| minimatch | High | CVE-2026-27903 | >= 3.1.3 | ReDoS via GLOBSTAR segments |
| minimatch | High | CVE-2026-27904 | >= 3.1.4 | ReDoS via nested extglobs |
| node-forge | High | CVE-2025-12816 | >= 1.3.2 | ASN.1 Validator Desynchronization |
| node-forge | High | CVE-2025-66031 | >= 1.3.2 | ASN.1 Unbounded Recursion |
| serialize-javascript | High | GHSA-5c6j-r48x-rmvq | >= 7.0.3 | RCE via RegExp.flags |
| svgo | High | CVE-2026-29074 | >= 3.3.3 | DoS via entity expansion (Billion Laughs) |

What Changed

  • docs/pnpm-lock.yaml: Updated via pnpm update to pull in patched transitive dependencies (6 of 7 resolved this way)
  • docs/package.json: Added a pnpm.overrides entry for serialize-javascript >= 7.0.3 since copy-webpack-plugin transitively pins an older version that can't be updated via normal resolution

Dependency Paths

All vulnerabilities are in transitive dependencies of the Docusaurus documentation site:

  • minimatch via @docusaurus/core > serve-handler > minimatch
  • node-forge via @docusaurus/core > webpack-dev-server > selfsigned > node-forge
  • serialize-javascript via @docusaurus/core > copy-webpack-plugin > serialize-javascript
  • svgo via @docusaurus/core > @svgr/webpack > svgo

Verification

$ pnpm audit
No known vulnerabilities found

We'd also recommend enabling Dependabot alerts on this repository for ongoing visibility into dependency vulnerabilities.

Thank you for maintaining MagicOnion!

Update transitive dependencies to patch high-severity vulnerabilities:
- minimatch >= 3.1.4 (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 — ReDoS)
- node-forge >= 1.3.2 (CVE-2025-12816, CVE-2025-66031 — ASN.1 vulnerabilities)
- serialize-javascript >= 7.0.3 (GHSA-5c6j-r48x-rmvq — RCE)
- svgo >= 3.3.3 (CVE-2026-29074 — DoS via entity expansion)

Most resolved via pnpm update. serialize-javascript required a pnpm override
since copy-webpack-plugin pins an older version transitively.
@jeff-at-trimble jeff-at-trimble requested a review from mayuki as a code owner March 14, 2026 16:51