Fix Dependabot security vulnerabilities in xmldom and uuid (#1557)

- Updated @xmldom/xmldom from 0.8.12 to 0.8.13
  - Addresses alerts #173, #174, #175, #176 (high severity)
  - Fixes XML node/DocumentType/processing instruction/comment
    injection and uncontrolled recursion DoS
- Updated uuid from 8.3.2 to 14.0.0
  - Addresses alert #172 (medium severity)
  - Missing buffer bounds check in v3/v5/v6; codebase uses only v4
    so no API changes required

Co-authored-by: Priyanshu Agrawal <priyanshuag@Priyanshus-MacBook-Pro.local>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Author: 4 people

package-lock.json

@@ -1823,7 +1823,7 @@
     "@types/jwt-decode": "2.2.0",
     "@types/node-fetch": "^2.6.2",
     "@vscode/extension-telemetry": "^0.6.2",
-    "@xmldom/xmldom": "^0.8.12",
+    "@xmldom/xmldom": "^0.8.13",
     "cockatiel": "^3.1.1",
     "command-exists": "^1.2.9",
     "find-process": "^1.4.7",
@@ -1839,7 +1839,7 @@
     "stream-http": "^3.2.0",
     "tty-browserify": "^0.0.1",
     "unzip-stream": "^0.3.2",
-    "uuid": "^8.3.2",
+    "uuid": "^14.0.0",
     "vscode-languageclient": "^7.0.0",
     "vscode-languageserver": "^7.0.0",
     "vscode-languageserver-textdocument": "^1.0.1",