Contributor

@sarayev sarayev commented Jan 15, 2026

Description of changes:

This PR addresses two critical security vulnerabilities identified by Dependabot:

  1. Next.js CVE-2025-67779: Upgraded next from 14.2.32 to 14.2.35 to fix an incomplete patch for a Denial of Service vulnerability in React Server Components. This vulnerability allowed malicious HTTP requests to cause infinite loops in the server runtime.

  2. jsdiff DoS vulnerability: Added diff resolution to force version 8.0.3 to patch a Denial of Service vulnerability where parsing patches with certain line break characters (\r, \u2028, \u2029) could cause infinite loops and memory exhaustion. Since diff is a transitive dependency pulled in by ts-node, and even the latest version of ts-node (10.9.2) still depends on the vulnerable diff ^4.0.1, a Yarn resolution was required to override all instances of the vulnerable version and force upgrade to the secure 8.0.3 release.

Related GitHub issue #, if available:

Instructions

If this PR should not be merged upon approval for any reason, please submit as a DRAFT

Which product(s) are affected by this PR (if applicable)?

  • amplify-cli
  • amplify-ui
  • amplify-studio
  • amplify-hosting
  • amplify-libraries

Which platform(s) are affected by this PR (if applicable)?

  • JS
  • Swift
  • Android
  • Flutter
  • React Native

Please add the product(s)/platform(s) affected to the PR title

Checks

  • Does this PR conform to the styleguide?
  • Does this PR include filetypes other than markdown or images? Please add or update unit tests accordingly.
  • Are any files being deleted with this PR? If so, have the needed redirects been created?
  • Are all links in MDX files using the MDX link syntax rather than HTML link syntax?
    ref: MDX: [link](https://docs.amplify.aws/) HTML: <a href="https://docs.amplify.aws/">link</a>

When this PR is ready to merge, please check the box below

  • Ready to merge

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@sarayev sarayev merged commit 0ee9c7a into main Jan 15, 2026
12 of 13 checks passed
@sarayev sarayev deleted the deps-update branch January 15, 2026 12:16