fix(root): resolve yaml, diff, and webpack audit findings fixes DOC-326

[cursor]

Summary

Resolves three pnpm audit findings that were not already covered by open dependency PRs (#1095, #1097). Linear: DOC-326.

Changes

Package	Severity	Strategy	Advisory
yaml	moderate	B — pnpm.overrides → ^2.8.3	GHSA-48c2-rrv3-qjmp (CVE-2026-33532)
diff	low	B — pnpm.overrides → ^5.2.2	GHSA-73rr-hh4g-fpgx (CVE-2026-24001)
webpack	low	A — direct devDependency ^5.104.1 (resolves via file-loader / url-loader)	GHSA-8fgc-7cc6-rx7x, GHSA-38r7-794h-5758

Note: pnpm.overrides for webpack did not bump the nested instance in this lockfile; pinning webpack at the workspace root ensures a patched 5.x.

Verification

• pnpm install --no-frozen-lockfile
• pnpm audit --json — advisory IDs 1115556, 1112705, 1113041, 1113042 no longer present
• pnpm build — succeeded

Skipped (this run)

• sanitize-html (critical): patched_versions is <0.0.0 (no published fix).
• Advisories already targeted by fix(root): resolve moderate audit findings (babel runtime, postcss, mdast-util-to-hast) fixes DOC-323 #1095 / fix(root): resolve moderate ajv and brace-expansion vulnerabilities fixes DOC-325 #1097 (babel runtime, postcss, mdast-util-to-hast, ajv, brace-expansion).

  

[linear-code]

DOC-326

[netlify]

✅ Deploy Preview for docs-novu ready!

Name	Link
🔨 Latest commit	2129a8b
🔍 Latest deploy log	https://app.netlify.com/projects/docs-novu/deploys/6a0aad1af2c4020008a10eb0
😎 Deploy Preview	https://deploy-preview-1098--docs-novu.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.