
[Aikido] Fix 3 security issues in @turbo/darwin-64, @turbo/windows-64, undici #491

Open

aikido-autofix[bot] wants to merge 1 commit into main from aikido/update-packages-41682733-npvr

Conversation

@aikido-autofix (Contributor)

Upgrade dependencies to fix HTTP response validation bypass, request deduplication collision, and symlink TOCTOU vulnerabilities.

✅ There are no breaking changes

✅ 3 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue              Severity  Description
AIKIDO-2026-10939  HIGH      [undici] HTTP response validation weakness allows peers to close chunked responses prematurely, causing truncated data to be treated as complete. Additionally, deduplication header collisions can cause concurrent requests to share incorrect responses, potentially leading to information disclosure or integrity bypass.
AIKIDO-2026-10956  MEDIUM    [@turbo/darwin-64] Symlink following vulnerability in cache archive/restore logic allows local attackers to redirect file reads/writes outside intended directories via time-of-check/time-of-use races. OpenTelemetry export also accepted unsafe HTTPS endpoints targeting private networks.
AIKIDO-2026-10957  MEDIUM    [@turbo/windows-64] Symlink following vulnerability in cache archive/restore logic allows local attackers to redirect file reads/writes outside intended directories via time-of-check/time-of-use races. Additionally, OpenTelemetry export accepted unsafe HTTPS endpoints targeting private networks.
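The undici weakness in the first row, illustrated with an added example that is neither undici's code nor part of this PR: a minimal HTTP/1.1 chunked-body decoder that treats a connection closed before the zero-length terminating chunk as a truncated body rather than a complete one. The `requireTerminator` option and the `ERR_CHUNKED_TRUNCATED` code are assumed names; passing `requireTerminator: false` reproduces the lenient behaviour for comparison, and the sample wire bytes are constructed.

```javascript
// Added example (not undici's code): decode an HTTP/1.1 chunked body and
// report whether it was properly terminated by the zero-length chunk.
// Node's global Buffer is used; no imports are needed.

function decodeChunked(wireBytes, { requireTerminator = true } = {}) {
  const buf = Buffer.from(wireBytes, 'latin1');
  const parts = [];
  let pos = 0;
  while (true) {
    const lineEnd = buf.indexOf('\r\n', pos, 'latin1');
    if (lineEnd === -1) {
      // Data ended before a chunk-size line: the peer closed early.
      return finish(parts, false, requireTerminator);
    }
    // Chunk size is hex; any ";name=value" chunk extensions are ignored.
    const sizeText = buf.toString('latin1', pos, lineEnd).split(';')[0].trim();
    if (!/^[0-9a-fA-F]+$/.test(sizeText)) throw new Error('malformed chunk size');
    const size = parseInt(sizeText, 16);
    pos = lineEnd + 2;
    if (size === 0) {
      // Zero-length chunk: the body is complete (trailers, if any, follow).
      return finish(parts, true, requireTerminator);
    }
    if (pos + size + 2 > buf.length) {
      // Chunk data or its trailing CRLF is cut off.
      return finish(parts, false, requireTerminator);
    }
    parts.push(buf.subarray(pos, pos + size));
    pos += size + 2; // skip the chunk data and its CRLF
  }
}

function finish(parts, terminated, requireTerminator) {
  const body = Buffer.concat(parts).toString('utf8');
  if (!terminated && requireTerminator) {
    // Strict mode: a premature close is an error, never a complete response.
    const err = new Error('chunked body truncated before terminating chunk');
    err.code = 'ERR_CHUNKED_TRUNCATED'; // assumed error code
    err.partialBody = body;
    throw err;
  }
  // Lenient mode (the weakness): the caller sees a body and must check `complete`.
  return { body, complete: terminated };
}

// Constructed sample inputs: a complete body and one cut off after the last data chunk.
const COMPLETE = '5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n';
const TRUNCATED = '5\r\nhello\r\n6\r\n world\r\n'; // closed without "0\r\n\r\n"
```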


changeset-bot Bot commented May 29, 2026

⚠️ No Changeset found

Latest commit: b626732

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR
