test: remove duplicate JSON security tests

These tests are already comprehensively covered in
package-url-json-security.test.mts

Author: jdalton

test/package-url.test.mts

@@ -468,34 +468,8 @@ describe('PackageURL', () => {
   })
 
   describe('Input validation', () => {
-    it('should reject JSON strings exceeding maximum size', () => {
-      const largeJson = JSON.stringify({ name: 'x'.repeat(1024 * 1024) })
-      expect(() => PackageURL.fromJSON(largeJson)).toThrow(
-        'JSON string exceeds maximum size limit of 1048576 bytes',
-      )
-    })
-
-    it('should reject non-object JSON', () => {
-      expect(() => PackageURL.fromJSON('[]')).toThrow(
-        'JSON must parse to an object',
-      )
-      expect(() => PackageURL.fromJSON('"string"')).toThrow(
-        'JSON must parse to an object',
-      )
-      expect(() => PackageURL.fromJSON('null')).toThrow(
-        'JSON must parse to an object',
-      )
-    })
-
-    it('should prevent prototype pollution in fromJSON', () => {
-      const maliciousJson =
-        '{"__proto__":{"isAdmin":true},"type":"npm","name":"test"}'
-      const purl = PackageURL.fromJSON(maliciousJson)
-      expect(purl.type).toBe('npm')
-      expect(purl.name).toBe('test')
-      // Verify prototype pollution didn't occur.
-      expect(({} as any).isAdmin).toBeUndefined()
-    })
+    // JSON security tests moved to package-url-json-security.test.mts
+    // for better organization and to avoid duplication
 
     it('should reject package URLs exceeding maximum length', () => {
       const longUrl = 'pkg:npm/' + 'x'.repeat(4090)