chore: Updated Dependabot security packages #447

Open
Vamshi-Microsoft wants to merge 1 commit into dev from psl-depandabotchanges

@Vamshi-Microsoft

Contributor

Purpose

This pull request updates several dependencies in both the frontend and backend, focusing on keeping the project up to date with security and compatibility improvements. The most significant changes are dependency upgrades for core frontend libraries and the addition of new dependencies for both frontend and backend environments.

Frontend dependency upgrades and additions:

  • Upgraded axios from ^1.15.2 to ^1.17.0 in both package.json and package-lock.json, bringing in new sub-dependencies such as https-proxy-agent and updating follow-redirects. [1] [2] [3]
  • Upgraded react-router-dom and react-router from ^7.14.2 to ^7.17.0 in both package.json and package-lock.json, ensuring compatibility with the latest React routing features. [1] [2] [3] [4]
  • Added brace-expansion@^2.0.1 to package.json and updated its version in package-lock.json, removing the obsolete concat-map dependency. [1] [2] [3]

Backend dependency addition:

  • Added werkzeug>=3.1.6 to the backend's requirements.txt, which may be required for improved security or compatibility in the FastAPI stack.

Other dependency updates:

  • Added new dependencies to the lockfile, such as agent-base and https-proxy-agent, and updated some metadata for existing packages (e.g., removing unnecessary dev flags). [1] [2] [3] [4]

These updates help ensure the project uses the latest, most secure, and best-supported versions of its core dependencies.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

@github-actions

Coverage

Coverage Report
File Stmts Miss Cover Missing
TOTAL 2221 385 82%
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
282 0 💤 0 ❌ 0 🔥 9.424s ⏱️

Copilot AI left a comment

Contributor

Pull request overview

This pull request updates dependency versions across the frontend (npm) and backend (Python) to incorporate security/compatibility updates, primarily by bumping key frontend libraries and adjusting lockfile resolutions.

Changes:

  • Bumped frontend dependencies: axios to ^1.17.0 and react-router-dom to ^7.17.0.
  • Updated package-lock.json to reflect new resolved versions and transitive dependency changes (e.g., follow-redirects, https-proxy-agent, agent-base).
  • Added werkzeug>=3.1.6 to backend requirements.txt.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/frontend/package.json Updates direct dependency versions and adds an override for brace-expansion.
src/frontend/package-lock.json Updates resolved versions and transitive dependency graph for the frontend.
src/backend/requirements.txt Adds werkzeug to backend Python dependencies.
Files not reviewed (1)
  • src/frontend/package-lock.json: Generated file

Comment thread src/backend/requirements.txt
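
The review above did not cover the generated src/frontend/package-lock.json, which is where the resolved versions are recorded. As an added example (not code from this PR or its repository), the JavaScript below checks every installed copy in a lockfile, nested ones included, against the version floors named in the PR description. The sample lockfile, including the nested copy under minimatch, is constructed for illustration.

```javascript
// Added example, not code from this PR. Floors are the versions named in the PR text.
const FLOORS = { axios: "1.17.0", "react-router": "7.17.0",
  "react-router-dom": "7.17.0", "brace-expansion": "2.0.1" };

// Constructed sample in the package-lock.json v2/v3 layout ("packages" keyed by install path).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend" },
    "node_modules/axios": { version: "1.17.0" },
    "node_modules/react-router": { version: "7.17.0" },
    "node_modules/react-router-dom": { version: "7.17.0" },
    "node_modules/brace-expansion": { version: "2.0.1" },
    // Constructed nested copy of the kind an override is meant to eliminate.
    "node_modules/minimatch/node_modules/brace-expansion": { version: "1.1.11" },
  },
};

// The package name is whatever follows the last "node_modules/" (keeps @scope/name intact).
function packageName(installPath) {
  const i = installPath.lastIndexOf("node_modules/");
  return i === -1 ? null : installPath.slice(i + "node_modules/".length);
}

// Compare MAJOR.MINOR.PATCH numerically; pre-release and build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy, at any depth, that resolves below its floor.
function auditLock(lock, floors) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!name || !Object.prototype.hasOwnProperty.call(floors, name) || !meta.version) continue;
    if (compareVersions(meta.version, floors[name]) < 0)
      findings.push({ name, path, version: meta.version, floor: floors[name] });
  }
  return findings;
}

console.log(auditLock(SAMPLE_LOCK, FLOORS));
```

An empty result means no copy of a listed package resolves below its floor; a non-empty one names the install path that still pins the older version.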