chore(security): close 9 dependabot alerts (Jun-23 triage wave) (#1342)

Closes 9 of 14 open Dependabot alerts on this repo. Two floor bumps on
existing `pnpm.overrides` entries + one new entry; lockfile regenerated.

The remaining 5 alerts are cryptography (#191/#192/#193 — handled in
the #1290/#1291 PR pair and a follow-up for text_output) and nltk
(#202/#203 — patched=null, tracked upstream).

Alerts closed:

  #204  HIGH    undici                  >=7.24.0 → >=7.28.0
  #205  MED     undici                  (same line)
  #209  LOW     undici                  (same line)
  #210  HIGH    undici                  (same line)
  #211  HIGH    undici                  (same line)
  #212  MED     undici                  (same line)
  #213  LOW     undici                  (same line)
  #206  MED     webpack-dev-server      >=5.2.4 → >=5.2.5
  #214  MED     http-proxy-middleware   new entry: >=2.0.10 <3

Lockfile-verified single resolutions post-edit:
  undici@7.28.0
  webpack-dev-server@5.2.5
  http-proxy-middleware@2.0.10

Author: anandray

package.json

@@ -68,6 +68,7 @@
 			"form-data": ">=4.0.6 <5",
 			"glob": ">=11.1.0",
 			"handlebars": ">=4.7.9 <5",
+			"http-proxy-middleware": ">=2.0.10 <3",
 			"immutable@5": ">=5.1.5 <6",
 			"joi": ">=18.2.1 <19",
 			"js-yaml": ">=4.2.0 <5",
@@ -96,9 +97,9 @@
 			"tar": ">=7.5.16 <8",
 			"tmp": ">=0.2.6 <1",
 			"underscore": ">=1.13.8 <2",
-			"undici": ">=7.24.0 <8",
+			"undici": ">=7.28.0 <8",
 			"uuid": ">=11.1.1 <12",
-			"webpack-dev-server": ">=5.2.4 <6",
+			"webpack-dev-server": ">=5.2.5 <6",
 			"ws": ">=8.21.0 <9",
 			"yaml@1": ">=1.10.3 <2"
 		},