Eliminate all critical vulnerabilities by updating dependencies

[Copilot]

Resolved 23 critical security vulnerabilities flagged by dependabot, reducing total vulnerabilities from 107 to 30.

Changes

Critical Fixes

• @babel/runtime ^7.2.0 → ^7.26.10 - Fixes arbitrary code execution in Babel (GHSA-67hx-6x53-jw92)
• jest ^24.8.0 → ^26.6.3 - Eliminates critical vulnerabilities in babel-traverse and form-data dependencies
• rollup ^0.68.0 → ^2.79.2 - Patches DOM clobbering XSS (GHSA-gcx4-mw62-g8wm)

Supporting Updates

• @babel/preset-env ^7.2.0 → ^7.23.2
• @babel/preset-react ^7.0.0 → ^7.22.15
• babel-eslint 9.x → 10.x - Required for eslint v7 compatibility
• eslint 5.x → 7.x
• eslint-config-react-app ^4.0.1 → ^5.2.1
• cross-env ^5.1.4 → ^7.0.3
• jest-watch-select-projects ^0.1.2 → ^2.0.0 - Eliminates old babel-core dependency chain
• jest-watch-typeahead ^0.3.1 → ^0.6.5
• jest-runner-eslint ^0.7.4 → ^0.11.1
• rollup-plugin-babel ^4.1.0 → ^4.4.0
• rollup-plugin-commonjs ^9.1.3 → ^10.1.0
• rollup-plugin-node-resolve ^4.0.0 → ^5.2.0

Remaining Issues

30 vulnerabilities remain (0 critical, 9 high, 16 moderate, 5 low), all in dev dependencies:

• serialize-javascript (via rollup-plugin-uglify) - requires downgrade to v5
• nth-check (via @svgr/rollup) - requires @svgr/[email protected]
• braces (via jest watch mode) - requires [email protected]

These are not shipped in production bundles and resolving them requires breaking changes.

Original prompt

Update dependencies to fix critical dependabot alert findings in this repository.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.