fix: prevent mass assignment of userId in updateTask (closes #1373) (#1374)

Co-authored-by: Aryan Das <122392506+aryandas2911@users.noreply.github.com>

Author: vipul674

backend/controllers/taskController.js

@@ -200,8 +200,9 @@ export const updateTask = async (req, res) => {
       });
     }
 
-    // fetch update task details
-    const updates = req.body;
+    // fetch update task details, strip protected fields to prevent mass assignment
+    const { userId: _ignored, _id: __ignored, ...safeUpdates } = req.body;
+    const updates = safeUpdates;
 
     // validate title length if title is being updated
     if (updates.title && updates.title.trim().length > 50) {