security: update dompurify and SQLitePCLRaw packages

[rorychatt]

Updates dompurify and SQLitePCLRaw.bundle_e_sqlite3 dependencies to address security alerts.

[rorychatt]

@claude review this

[artem-ivy-ai]

Staging removed

Staging environment has been deleted for this PR.

[ivy-interactive-claude-code]

Claude finished @rorychatt's task in 1m 10s —— View job

---

PR Review: Security Dependency Updates

• Gather context and read changed files
• Review dependency updates for security
• Provide review feedback

---

Overall Assessment: ✅ LGTM

This PR correctly updates two security-sensitive dependencies to address security alerts.

Changes Reviewed

Package	Previous	Updated	File
dompurify	(older)	3.4.9	src/frontend/package.json (override)
SQLitePCLRaw.bundle_e_sqlite3	(older)	3.0.0	src/Ivy.Agent.EfQuery.Test/Ivy.Agent.EfQuery.Test.csproj

Review Notes

1. DOMPurify (3.4.9) - Used via pnpm overrides to ensure all transitive dependencies use this patched version. This is the correct approach for addressing vulnerabilities in nested dependencies.

2. SQLitePCLRaw.bundle_e_sqlite3 (3.0.0) - Updated in the test project. Version 3.0.0 is the latest stable release.

3. Lock file updated - pnpm-lock.yaml correctly reflects the dompurify override at version 3.4.9.

Security Considerations

• Both packages have had known vulnerabilities in older versions
• DOMPurify is critical for XSS protection when sanitizing HTML
• SQLitePCLRaw is the SQLite binding layer used by Entity Framework Core

No issues found. The PR is properly scoped to only the security-related version bumps.