fix: replace live-server with serve to resolve Snyk vulnerabilities

[Copilot]

• Investigate Snyk PR check vulnerabilities
• Replace live-server with serve to eliminate 11 vulnerabilities
• Update dev script to use serve
• Regenerate package-lock.json — npm audit reports 0 vulnerabilities
• Remove node_modules/.package-lock.json from git tracking (npm-generated artifact, should not be committed)

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[netlify]

✅ Deploy Preview for whimsical-kitsune-85066d ready!

Name	Link
🔨 Latest commit	5a98d31
🔍 Latest deploy log	https://app.netlify.com/projects/whimsical-kitsune-85066d/deploys/69d077c2cf3d4e0008b56dbc
😎 Deploy Preview	https://deploy-preview-147--whimsical-kitsune-85066d.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for spiffy-liger-8bab58 ready!

Name	Link
🔨 Latest commit	5a98d31
🔍 Latest deploy log	https://app.netlify.com/projects/spiffy-liger-8bab58/deploys/69d077c24a2b490008bec44d
😎 Deploy Preview	https://deploy-preview-147--spiffy-liger-8bab58.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

This PR replaces live-server with serve in the project’s development tooling to eliminate unfixable transitive vulnerabilities and updates lockfiles accordingly.

Changes:

• Swap live-server@^1.2.0 → serve@^14.2.6 in devDependencies.
• Update the dev script to use serve on port 8080.
• Regenerate package-lock.json to reflect the new dependency tree.

Reviewed changes

Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.

File	Description
package.json	Replaces live-server with serve and updates the dev script accordingly.
package-lock.json	Updates the dependency graph to remove live-server and its transitive dependencies.
node_modules/.package-lock.json	Updated npm-generated lock artifact under node_modules/ (should not be tracked).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[DavidKRK]

@copilot @copilot Peux-tu exécuter les actions que tu m'as proposé précédemment ?

[Copilot]

@copilot @copilot Peux-tu exécuter les actions que tu m'as proposé précédemment ?

Done in commit 5a98d31. node_modules/.package-lock.json has been removed from git tracking with git rm --cached. Since node_modules is already in .gitignore, this file will no longer appear in future diffs or commits.

[DavidKRK]

@copilot donne un résumer

[DavidKRK]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot donne un résumer

Voici un résumé de ce PR :

Problème : live-server@1.2.x embarquait 11 vulnérabilités transitives non corrigeables (7 élevées, 4 modérées) — principalement des ReDoS dans debug, ms, micromatch, braces et picomatch.

Solution :

• live-server@^1.2.0 → serve@^14.2.6 dans devDependencies
• Script dev mis à jour : npx live-server --port=8080 → npx serve --listen 8080
• package-lock.json regénéré — supprime ~193 paquets vulnérables ; npm audit signale désormais 0 vulnérabilité
• node_modules/.package-lock.json retiré du suivi git (artefact généré par npm, ne devait pas être versionné)

@copilot apply changes based on the comments in this thread

Already done. The only actionable change in that review thread was removing node_modules/.package-lock.json from git tracking, which was applied in commit 5a98d31 (git rm --cached node_modules/.package-lock.json). The thread is now marked as resolved.