fix(security): add overrides for qs and undici vulnerabilities (#146)

* chore: remove stale changeset for ignored private package

The workout-spa-editor changeset cannot produce a release since the
package is private and listed in changesets ignore config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(security): add overrides for qs and undici vulnerabilities

- qs >=6.7.0 <=6.14.1: arrayLimit bypass DoS (GHSA-w7fw-mjwx-w883)
- undici <6.23.0: unbounded decompression chain (GHSA-g9mf-h72j-4rw9)

Both are transitive dependencies that cannot be updated directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: apply prettier formatting to pnpm-lock.yaml

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Pablo Albaladejo <pablo.albaladejo@aircall.io>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: 3 people

.changeset/reorganize-workout-toolbar.md

@@ -19,7 +19,9 @@
       "lodash@<4.17.23": ">=4.17.23",
       "esbuild@<=0.24.2": ">=0.25.0",
       "glob@>=10.3.7 <=11.0.3": ">=11.1.0",
-      "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1"
+      "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
+      "qs@>=6.7.0 <=6.14.1": ">=6.14.2",
+      "undici@<6.23.0": ">=6.23.0"
     },
     "peerDependencyRules": {
       "allowedVersions": {