
[Aikido] Fix security issue in @xmldom/xmldom via minor version upgrade from 0.7.13 to 0.8.13 in with-react-native#30

Merged: yosriady merged 1 commit into main from fix/aikido-security-update-packages-37996605-uglw on May 22, 2026

Conversation

@aikido-autofix (Contributor, bot) commented May 22, 2026

Upgrade @xmldom/xmldom to fix XML injection vulnerability via unvalidated processing instruction data that allows arbitrary node injection.

✅ Code not affected by breaking changes.

✅ No breaking changes from the @xmldom/xmldom upgrade (0.7.13 => 0.8.13) affect this codebase.

The package is only present as a transitive dependency through @expo/plist and plist packages, and there is no direct usage of:

  • XML parsing or serialization APIs (DOMParser, XMLSerializer)

  • Deprecated exports from lib/dom-parser.js

  • XML attribute values with literal \t, \n, or \r characters

  • Any code that would be affected by line ending normalization changes

The upgrade is handled internally by the dependency packages and does not impact the application code.

All breaking changes by upgrading @xmldom/xmldom from version 0.7.13 to 0.8.13 (CHANGELOG):

0.8.0: Line endings are now normalized according to XML specs before parsing; certain combinations of line break characters will be normalized to a single \n and no longer preserved.

0.8.0: XMLSerializer no longer preserves literal \t, \n or \r in attribute values; these must now be represented as numerical character references (e.g. &#9;, &#10;, &#13;) to be preserved.

0.8.0: Deprecated exports DOMImplementation and XMLSerializer removed from lib/dom-parser.js; use the main package export instead.
✅ 1 CVE resolved by this upgrade

This PR will resolve the following CVEs:

CVE-2026-41675 (severity: HIGH): [@xmldom/xmldom] A processing instruction injection vulnerability allows attackers to inject arbitrary XML nodes by terminating PI sequences early through unvalidated data serialization. This enables XML injection attacks that can lead to information disclosure or other XML-based exploits.
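As an added illustration (not code from xmldom, Aikido or this repository) of the two serializer behaviours the comment above describes: attribute whitespace that survives only as numeric character references, and processing-instruction data that must not contain the closing `?>` sequence. The PI check is an assumed form of that validation, written for this example, not xmldom's actual patch.

```javascript
// Added example, dependency-free. Shows why literal \t, \n, \r in attribute
// values are lost by a conforming parser, how numeric character references
// keep them, and a defensive check on processing-instruction (PI) data.

// Escape an attribute value for serialization. The three whitespace
// characters become numeric character references (&#9; &#10; &#13;), which a
// parser keeps verbatim instead of normalizing to a space.
function escapeAttributeValue(value) {
  return value.replace(/[&<"\t\n\r]/g, (ch) => {
    switch (ch) {
      case '&': return '&amp;';
      case '<': return '&lt;';
      case '"': return '&quot;';
      case '\t': return '&#9;';
      case '\n': return '&#10;';
      default: return '&#13;'; // '\r'
    }
  });
}

// What a conforming parser does with literal (unescaped) whitespace in an
// attribute value: line endings are normalized first (\r\n -> \n), then each
// \t, \n, \r becomes a single space (XML 1.0, sections 2.11 and 3.3.3).
function normalizeLiteralAttributeWhitespace(rawValue) {
  return rawValue.replace(/\r\n|[\t\n\r]/g, ' ');
}

// Minimal reverse of escapeAttributeValue, enough to show the round trip.
function decodeAttributeValue(escaped) {
  return escaped.replace(/&(#(\d+)|amp|lt|quot);/g, (m, _named, code) =>
    code ? String.fromCharCode(Number(code))
         : m === '&amp;' ? '&' : m === '&lt;' ? '<' : '"');
}

// Serialize a PI, refusing data that would close it early. If "?>" appeared
// inside the data, the text after it would be emitted as sibling markup,
// which is the injection the CVE describes. Assumption: the simplified target
// grammar below is for illustration, not the full XML Name production.
function serializeProcessingInstruction(target, data) {
  if (!/^[A-Za-z_][\w.-]*$/.test(target) || target.toLowerCase() === 'xml') {
    throw new Error('invalid PI target: ' + target);
  }
  if (data.includes('?>')) {
    throw new Error('PI data must not contain "?>"');
  }
  return data ? '<?' + target + ' ' + data + '?>' : '<?' + target + '?>';
}
```

Serializing `'a\tb'` with `escapeAttributeValue` yields `a&#9;b`, which decodes back to the tab, whereas the raw literal would be normalized to `a b` on parse.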


@yosriady yosriady merged commit c3dda48 into main May 22, 2026
5 checks passed