Bump frontend security dependencies #1303

Closed. IEvangelist wants to merge 1 commit into main from dapine/security/aspire-dev-dompurify-esbuild


@IEvangelist

Member

Resolves the open Dependabot security alerts in src/frontend/pnpm-lock.yaml for dompurify and esbuild.

  • dompurify override updated to >= 3.4.11
  • esbuild override added at >= 0.28.1
  • lockfile regenerated accordingly

Validation: pnpm test:unit

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 26, 2026 11:09

Copilot AI left a comment

Contributor


Pull request overview

This PR updates the frontend’s pnpm overrides and regenerates the lockfile to resolve Dependabot security alerts affecting dompurify and esbuild.

Changes:

  • Updated the dompurify override to require >= 3.4.11.
  • Added an esbuild override to require >= 0.28.1.
  • Regenerated pnpm-lock.yaml to reflect the updated resolutions (including platform-specific @esbuild/* packages).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/frontend/package.json | Updates pnpm.overrides for dompurify and adds an override for esbuild. |
| src/frontend/pnpm-lock.yaml | Regenerates the lockfile so resolved versions reflect the new overrides. |

Files not reviewed (1)
  • src/frontend/pnpm-lock.yaml: Generated file


@aspire-repo-bot

Contributor

Frontend HTML artifact ready

The latest frontend build uploaded the frontend-dist artifact for PR #1303. Use the VS Code button below to open this PR with GitHub Artifacts Explorer and browse the built HTML locally.

VS Code: Open PR #1303 artifacts

This comment updates automatically when a new frontend build artifact is uploaded.

@IEvangelist IEvangelist enabled auto-merge (squash) June 26, 2026 12:10
@IEvangelist

Member Author

Closing this as superseded by #1304. I pulled the dependency-security bits from this PR into that branch: the dompurify override is now >=3.4.11, the esbuild override is now >=0.28.1, and the frontend lockfile has been regenerated. #1304 also pins UnoCSS to 66.6.8 so the lockfile passes the current minimum-release-age supply-chain policy.

auto-merge was automatically disabled June 26, 2026 16:23

Pull request was closed
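
One way to confirm that a regenerated lockfile honours the two override floors named in this thread, as an added example that is not part of the PR or the repository. The lockfile excerpt, the stale esbuild@0.21.5 entry and the function names are constructed for illustration; the check also covers the platform-specific @esbuild/* packages.

```javascript
// Floors copied from the overrides named in this PR.
const MINIMUMS = { dompurify: [3, 4, 11], esbuild: [0, 28, 1] };

// Constructed pnpm-lock.yaml excerpt (not the repository's real lockfile).
// esbuild@0.21.5 is a made-up stale entry; integrity values are placeholders.
const SAMPLE_LOCK = `
packages:

  '@esbuild/linux-x64@0.28.1':
    resolution: {integrity: sha512-PLACEHOLDER}

  dompurify@3.4.11:
    resolution: {integrity: sha512-PLACEHOLDER}

  esbuild@0.21.5:
    resolution: {integrity: sha512-PLACEHOLDER}

  esbuild@0.28.1:
    resolution: {integrity: sha512-PLACEHOLDER}
`;

// Compare [major, minor, patch] tuples; negative when a is older than b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// List every resolved "name@version" in the lockfile that is below its floor.
function findStaleResolutions(lockText, minimums) {
  const stale = new Set(); // the same key can appear under packages: and snapshots:
  // Package keys sit at two-space indent and may be quoted (scoped names).
  const key = /^ {2}'?((?:@[^@\/\s]+\/)?[^@\s']+)@(\d+)\.(\d+)\.(\d+)([^\s':(]*)/gm;
  for (const [, name, major, minor, patch, suffix] of lockText.matchAll(key)) {
    // @esbuild/* platform binaries are pinned to esbuild's own version.
    const rule = name.startsWith('@esbuild/') ? 'esbuild' : name;
    if (!Object.hasOwn(minimums, rule)) continue;
    const cmp = compareVersions([major, minor, patch].map(Number), minimums[rule]);
    // A prerelease of the floor itself (for example -rc.1) sorts below it.
    if (cmp < 0 || (cmp === 0 && suffix.startsWith('-'))) {
      stale.add(`${name}@${major}.${minor}.${patch}${suffix}`);
    }
  }
  return [...stale];
}

console.log(findStaleResolutions(SAMPLE_LOCK, MINIMUMS));
```

A non-empty result means some dependency path still resolves a version below the floor, so the override did not take effect everywhere.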
