fix: address 3 security vulnerabilities in UI npm dependencies

Summary

Fixes three vulnerabilities reported by Mend in ui/package.json transitive deps. All are build/dev-time dependencies in the UI.

Closes #680 (closed)

Changes

Updates pnpm.overrides in ui/package.json to force patched versions of three vulnerable packages:

| CVE | Severity | Package | Fix |
| --- | --- | --- | --- |
| CVE-2026-27606 | Critical (9.1) | rollup-2.79.2 | >=2.80.0 |
| CVE-2026-27904 | High (7.5) | minimatch-3.1.2 | >=3.1.4 |
| CVE-2026-2739 | Medium (5.3) | bn.js-5.2.1 / 4.12.0 | >=5.2.3 |

Note: minimatch was previously pinned to the vulnerable 3.1.2 in overrides — this PR fixes that pin.
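
One way to confirm the overrides took effect is to scan the resolved lockfile for any remaining copy below the fix versions in the table. This is an added example, not code from this merge request or the project; the function names, the sample lockfile fragments and the assumed `name@version` key format of `pnpm-lock.yaml` are assumptions.

```javascript
// Added example (not the project's code). Minimum fixed versions come from the table above.
const MIN_FIXED = { rollup: "2.80.0", minimatch: "3.1.4", "bn.js": "5.2.3" };

// Compare two plain x.y.z versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Scan lockfile text for package keys such as "/rollup@2.79.2:" or "rollup@2.79.2:"
// (assumed key format) and return every resolved copy below its minimum fixed version.
// The line-start anchor keeps scoped names (@rollup/...) and peer suffixes from matching.
function findVulnerable(lockText, minFixed = MIN_FIXED) {
  const hits = new Set();
  for (const [name, min] of Object.entries(minFixed)) {
    const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    const re = new RegExp(`^\\s*'?/?${escaped}@(\\d+\\.\\d+\\.\\d+)`, "gm");
    for (const m of lockText.matchAll(re)) {
      if (compareVersions(m[1], min) < 0) hits.add(`${name}@${m[1]}`);
    }
  }
  return [...hits].sort();
}

// Constructed sample lockfile fragments, before and after the override change.
const BEFORE = `
packages:
  /rollup@2.79.2:
  /minimatch@3.1.2:
  /bn.js@4.12.0:
  /bn.js@5.2.1:
  /@rollup/pluginutils@5.1.0(rollup@2.79.2):
`;
const AFTER = `
packages:
  /rollup@2.80.0:
  /minimatch@3.1.4:
  /bn.js@5.2.3:
`;

console.log("before:", findVulnerable(BEFORE));
console.log("after: ", findVulnerable(AFTER));
```

Run against the real `ui/pnpm-lock.yaml` in CI, a non-empty result means some dependency path still resolves to a vulnerable copy despite the overrides.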

GitHub mirror issues
