tech story: Update dompurify and jsPDF to fix dependabot alert

[coliu-akamai]

Description 📝

Fixes dependabot alert here: https://github.com/linode/manager/security/dependabot/121
See #10953 for context

Changes 🔄

• Updates package.json to make dompurify dependency v3.1.6
• also takes the change from the linked PR to remove dompurify v2.4.7
• updates jsPDF to newest version (2.5.2) since they address the dompurify issue there

How to test 🧪

• confirm github actions pass
• confirm running yarn install doesn't change the yarn.lock file
• *** confirm no regression in invoice pdf generation

As an Author I have considered 🤔

Check all that apply

• 👀 Doing a self review
• ❔ Our contribution guidelines
• 🤏 Splitting feature into small PRs
• ➕ Adding a changeset
• 🧪 Providing/Improving test coverage
• 🔐 Removing all sensitive information from the code and PR description
• 🚩 Using a feature flag to protect the release
• 👣 Providing comprehensive reproduction steps
• 📑 Providing or updating our documentation
• 🕛 Scheduling a pair reviewing session
• 📱 Providing mobile support
• ♿ Providing accessibility support

[github-actions]

Coverage Report: ✅
Base Coverage: 86.93%
Current Coverage: 86.93%

[dwiley-akamai]

GHA ✅ (the two failing E2E tests seem to be flakes)
No issues with yarn.lock locally ✅

[coliu-akamai]

update: saw that a jsPDF update just came out to address the dompurify security concern - v2.5.2. I've updated jsPDF on my branch + checked that all tests pass. There shouldn't be any breaking changes based on the release notes, but will be trying to test with generating invoices as well before pushing it up!

[bnussman-akamai]

Looks good! Thank you 📦

[coliu-akamai]

@bnussman-akamai @dwiley-akamai just pushed up a change to update jsPDF as well - would you be able to rereview with a focus that there are no regressions in invoice generation 😅

[bnussman-akamai]

Confirmed yarn.lock looks good and PDF invoices are also good ✅

[dwiley-akamai]

Invoice PDFs look good to me as well 🚢