Bump @xmldom/xmldom and pdf2json in /node

[dependabot]

Removes @xmldom/xmldom. It's no longer used after updating ancestor dependency pdf2json. These dependencies need to be updated together.

Removes @xmldom/xmldom

Updates pdf2json from 2.1.0 to 4.0.2

Release notes

Sourced from pdf2json's releases.

Stable Build v4.0.2

add support for transparent groups, ensure endGroup would merge sub-canvas text/line/etc. back to primary output data. this completes the fix for #418

Stable Build v4.0.1

Bug fixes

1. fix: correct circular dependency without dup](PR #415)
2. fix: issue #418

Stable Build v4.0.0 [Breaking Changes]

v4.0.0 Release Notes

includes critical fixes for text encoding, space preservation, and text positioning, along with improved error handling. This release contains breaking changes that require attention when upgrading from v3.x.

🚨 Breaking Changes

Text Encoding Change (Issue #385, PR #410)

What Changed: Text in JSON output is no longer URI-encoded. All text now outputs as UTF-8 directly.

Why: To properly support Chinese, Japanese, Korean, and other multi-byte Unicode characters. The previous URI encoding caused issues with CJK text display and partial character extraction.

Migration Required: If your code expects URI-encoded text, you must update it to handle plain UTF-8 text.

JSON Output Examples

Before v4.0.0 (URI-encoded):

{
  "Pages": [{
    "Texts": [{
      "R": [{
        "T": "Added%20Text%20from%20Acrobat"
      }]
    }]
  }]
}

After v4.0.0 (UTF-8):

{
  "Pages": [{
    "Texts": [{
      "R": [{
        "T": "Added Text from Acrobat"
      }]
    }]
  }]
}

... (truncated)

Commits

• 48b50bf feat: add support for transparent groups, ensure endGroup would merge sub-can...
• de176e5 fix: issue #418: resolve obj ref before invoking getAll (#418)
• 399f9cb fix: correct circular dependency without dup (#415)
• 96493fc doc: update readme with v4.0.0 breaking changes
• c8b372b fix: unify error and exception handling for cli start with invalid in… (#414)
• b9d5cb9 maint: prep major release with version bumps for both self and dev dependenci...
• b193d9f fix: #355, #361, #319: calculate text block gap and spacewidth from fontMatri...
• 7b05aa9 fix: #385 [3.3.0 BREAKING CHANGE] removed encodeURIComponent and ensure utf8 ...
• 5569bf7 fix: #408: fix text block coordinates, add tests (#409)
• 1faf820 fix: keep zero dependencies #406 (#407)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #46.