chore: fix undici and flatted dependabot alerts, update yarn to 4.12.0#364

Merged
jonathannorris merged 1 commit into main from fix/dependabot-undici-flatted
Mar 17, 2026

Conversation

@jonathannorris
Member

Summary

  • Add yarn resolutions to bump undici and flatted to patched versions
  • Update Yarn from 4.4.0 to 4.12.0

Alerts Addressed

| Package | Severity | Issue | Resolved Version |
| --- | --- | --- | --- |
| undici | High | WebSocket memory/crash exploits, CRLF injection, request smuggling | 6.24.1 |
| flatted | High | Unbounded recursion DoS in parse() | 3.4.1 |

Both are transitive deps (undici via cheerio, flatted via flat-cache) whose semver ranges already accept the patched versions -- resolutions ensure the lockfile picks them up.
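As an added example that is not part of this PR or its repository: a Node.js check that parses a Yarn Berry lockfile and confirms that every package named under `resolutions` actually resolved to a version at or above the patched minimum the description reports. The `package.json` values mirror the PR (`^6.24.0`, `^3.4.0`, `yarn@4.12.0`); the lockfile excerpt, the `MIN_PATCHED` table and the function names are constructed for illustration and are not the project's real files or API.

```javascript
// Added example, not code from PR #364 or the project it belongs to.
// A CI-style check that a Yarn Berry lockfile resolved the packages named in
// package.json "resolutions" to versions at or above a patched minimum.
// Assumptions: MIN_PATCHED uses the resolved versions the PR description
// reports; PACKAGE_JSON mirrors the resolutions listed in the review;
// YARN_LOCK is a constructed excerpt in Yarn Berry format, not the real lockfile.

const PACKAGE_JSON = {
  packageManager: "yarn@4.12.0",
  resolutions: {
    undici: "^6.24.0",
    flatted: "^3.4.0",
  },
};

// Lowest versions that close the alerts the PR table lists.
const MIN_PATCHED = { undici: "6.24.1", flatted: "3.4.1" };

// Constructed yarn.lock excerpt: two ranges per package collapse onto one
// patched version each, which is what a working resolution should produce.
const YARN_LOCK = `
__metadata:
  version: 8
  cacheKey: 10c0

"flatted@npm:^3.2.9, flatted@npm:^3.4.0":
  version: 3.4.1
  resolution: "flatted@npm:3.4.1"
  checksum: 10c0/PLACEHOLDER
  languageName: node
  linkType: hard

"undici@npm:^6.19.5, undici@npm:^6.24.0":
  version: 6.24.1
  resolution: "undici@npm:6.24.1"
  checksum: 10c0/PLACEHOLDER
  languageName: node
  linkType: hard
`;

// Parse a Yarn Berry lockfile into { packageName: Set of resolved versions }.
// A package can appear in several entries when different ranges resolve to
// different versions, so every entry is recorded, not just the first one.
function parseYarnLock(text) {
  const resolved = {};
  let currentNames = [];
  for (const line of text.split(/\r?\n/)) {
    // Entry header at column 0: one or more comma-separated descriptors,
    // optionally quoted, ending with ":".
    const header = line.match(/^"?([^"\s][^"]*?)"?:$/);
    if (header) {
      // Descriptors look like `name@npm:range`; the name is everything before
      // the last "@", which also covers scoped packages (@scope/name).
      // Headers without "@" (e.g. __metadata) carry no package and are skipped.
      currentNames = header[1]
        .split(",")
        .map((d) => d.trim())
        .filter((d) => d.includes("@"))
        .map((d) => d.slice(0, d.lastIndexOf("@")));
      continue;
    }
    const version = line.match(/^\s+version:\s*"?([^"\s]+)"?\s*$/);
    if (version) {
      for (const name of currentNames) {
        if (!resolved[name]) resolved[name] = new Set();
        resolved[name].add(version[1]);
      }
    }
  }
  return resolved;
}

// Numeric major.minor.patch comparison; pre-release and build suffixes are
// dropped, so "3.4.1-rc.1" compares equal to "3.4.1" (good enough for a gate
// that only asks "is the fix in this version?").
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// For each resolution, report every resolved version and flag any below the
// patched minimum. A package missing from the lockfile is also a failure:
// the resolution did not take effect or the install was not run.
function checkResolutions(pkg, lockText, minPatched) {
  const resolved = parseYarnLock(lockText);
  return Object.keys(pkg.resolutions || {}).map((name) => {
    const versions = [...(resolved[name] || [])].sort(compareVersions);
    const min = minPatched[name];
    const below = min ? versions.filter((v) => compareVersions(v, min) < 0) : [];
    return { name, versions, below, ok: versions.length > 0 && below.length === 0 };
  });
}

for (const f of checkResolutions(PACKAGE_JSON, YARN_LOCK, MIN_PATCHED)) {
  const detail = f.below.length ? ` (below ${MIN_PATCHED[f.name]}: ${f.below.join(", ")})` : "";
  console.log(`${f.ok ? "OK  " : "FAIL"} ${f.name}: ${f.versions.join(", ") || "missing"}${detail}`);
}
```

Running this against a real checkout would mean reading `package.json` and `yarn.lock` from disk instead of the inline constants; the useful property of the check is that it fails both when a resolution is missing from the lockfile and when any remaining entry still resolves below the patched version, which is the case the PR's `resolutions` are meant to eliminate.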


Copilot AI left a comment

Pull request overview

This PR addresses high-severity Dependabot alerts for transitive dependencies undici and flatted by adding Yarn resolutions, and bumps the Yarn package manager version from 4.4.0 to 4.12.0.

Changes:

  • Add Yarn resolutions for undici (→ ^6.24.0) and flatted (→ ^3.4.0) to force patched versions of these transitive dependencies.
  • Update packageManager field from yarn@4.4.0 to yarn@4.12.0.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Added two resolutions for security-patched transitive deps; bumped Yarn version |
| yarn.lock | Reflects updated resolved versions for flatted (3.4.1) and undici (6.24.1) |

@jonathannorris jonathannorris merged commit 5d33fb9 into main Mar 17, 2026
9 checks passed
@jonathannorris jonathannorris deleted the fix/dependabot-undici-flatted branch March 17, 2026 20:37
3 participants