tradingstrategy-ai/frontend

Upgrade dependencies

Closed this issue · 0 comments

Goal

As a frontend developer, I want dependencies to be up-to-date, so that we are not exposed to known security vulnerabilities and can take advantage of the latest bug fixes, performance improvements and enhancements.

Background

See Dependabot alerts.

We currently have 9 high severity alerts (the full Dependabot list below also includes the open moderate and low severity alerts; ws appears more than once because Dependabot raises a separate alert per dependency path):

  • DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS (High)
  • body-parser vulnerable to denial of service when url encoding is enabled (High)
  • path-to-regexp outputs backtracking regular expressions (High)
  • Server-Side Request Forgery in axios (High)
  • fast-xml-parser vulnerable to ReDOS at currency parsing (High)
  • ws affected by a DoS when handling a request with many HTTP headers (High)
  • ws affected by a DoS when handling a request with many HTTP headers (High)
  • Uncontrolled resource consumption in braces (High)
  • ws affected by a DoS when handling a request with many HTTP headers (High)
  • Vite's server.fs.deny is bypassed when using ?import&raw (Moderate)
  • Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS (Moderate)
  • express vulnerable to XSS via response.redirect() (Moderate)
  • send vulnerable to template injection that can lead to XSS (Moderate)
  • serve-static vulnerable to template injection that can lead to XSS (Moderate)
  • Regular Expression Denial of Service (ReDoS) in micromatch (Moderate)
  • Svelte has a potential mXSS vulnerability due to improper HTML escaping (Moderate)
  • Elliptic's ECDSA missing check for whether leading bit of r and s is zero (Low)
  • Elliptic allows BER-encoded signatures (Low)
  • Elliptic's EDDSA missing signature length check (Low)