fix #539: address vulnerabilities with npm audit fix#540

Open
mathematiCode wants to merge 7 commits intodevelopfrom
Julianna/539-Address-Vulnerabilities

Conversation

@mathematiCode (Contributor)

Description

Addresses 3 vulnerabilities that came up using npm audit fix.

Before:

[image]

After:

Closes #539

Testing instructions

run npm audit in the terminal

Pre-submission checklist

✅ Code builds and passes locally
✅ PR title follows Conventional Commit format (e.g. test #001: created unit test for __ component)
❓ Request reviews from the Peer Code Reviewers and Senior+ Code Reviewers groups
✅ Thread has been created in Discord and PR is linked in gis-code-questions

@vercel

vercel Bot commented Jul 2, 2025

The latest updates on your projects.

Project                 | Deployment | Preview | Comments | Updated (UTC)
elecretanta             | Ready      | Preview | Comment  | Sep 11, 2025 9:42pm
elecretanta-storybook   | Ready      | Preview | Comment  | Sep 11, 2025 9:42pm
elecretanta-unit-test   | Error      |         |          | Sep 11, 2025 9:42pm

@shashilo shashilo requested review from a team July 2, 2025 19:24
@nickytonline (Member)

To be honest npm audit fix isn't that great. I even talked again recently to one of the people that worked on this for npm who basically said that. 😅 We're better off with Dependabot updates configured in the project that run, say, weekly. I don't have access to the project settings, so I can't say if we have that configured or not.

nickytonline (Member) previously approved these changes Jul 4, 2025

@nickytonline nickytonline left a comment

This needs to be rebased. Assuming the project builds and tests are passing, this is probably good to go, but as mentioned, Dependabot running on the project is the route to go for dependency updates.

bethanyann
bethanyann previously approved these changes Jul 7, 2025
@mathematiCode mathematiCode dismissed stale reviews from nickytonline and bethanyann via 2a2711b July 8, 2025 16:25
@shashilo shashilo requested review from a team and removed request for a team July 8, 2025 16:26
@nickytonline (Member)

@mathematiCode, you mentioned in Discord:

I didn't run npm audit fix --force to update the Next JS version yet because I wasn't sure if that was okay to do. Do you think I should do that and then you both re-approve or just leave it as is?

Just wondering what the package-lock.json changes are is all.

@nickytonline (Member)

One thing I'd suggest, as npm audit causes a lot of noise, is, if we don't already have it in place in the project, to consider adding Dependabot to do weekly updates of packages. cc: @shashilo
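The weekly Dependabot schedule suggested in the comment above is configured with a `.github/dependabot.yml` file in the repository. The following is an added example and is not part of this PR or the project's existing configuration; the root `directory`, the `target-branch` of `develop` (the branch this PR targets), the Monday schedule and the PR limit are assumptions chosen for illustration.

```yaml
# Added example (not from this PR): Dependabot version updates for npm.
# File location: .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"              # assumption: package.json lives at the repo root
    target-branch: "develop"    # assumption: open update PRs against develop, as this PR does
    schedule:
      interval: "weekly"
      day: "monday"             # assumption: one batch of updates at the start of the week
    open-pull-requests-limit: 10
    # Batch minor and patch bumps into a single PR so routine updates
    # stay low-noise; major bumps still get their own PR for review.
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
```

This file controls Dependabot version updates only. Security updates, which raise a PR when a published advisory matches a dependency in the lockfile, are switched on separately under the repository's security settings, which is why the comment above notes that the project settings need checking; with both enabled, a vulnerability like the ones this PR fixes would arrive as an automated PR rather than through a manual `npm audit fix` run.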

Development

Successfully merging this pull request may close these issues.

bug: address vulnerabilities in npm audit