chore: pin svgo to 3.3.3

[dannyhw]

Issue:

• Resolve the SVGO DoS through entity expansion in DOCTYPE vulnerability by pinning the transitive svgo dependency to the earliest fixed release.

What I did

• added a root pnpm.overrides entry for svgo: 3.3.3
• regenerated pnpm-lock.yaml so Docusaurus/SVGR and postcss-svgo resolve to the fixed version

How to test

• run pnpm install --lockfile-only

• run pnpm audit --prod and confirm there are no reported vulnerabilities for svgo

• Does this need a new example in examples/expo-example? No

• Does this need an update to the documentation? No

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7fb200f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR