Fix CVE packages #2924

Merged
johnsimons merged 1 commit into master from john/audit
Mar 26, 2026

johnsimons (Member) commented Mar 25, 2026

npm audit report

picomatch <=2.3.1 || 4.0.0 - 4.0.3
Severity: high
Picomatch has a ReDoS vulnerability via extglob quantifiers - GHSA-c2c7-rcm5-vvqj
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - GHSA-3v7f-55p6-f55p
fix available via npm audit fix
node_modules/anymatch/node_modules/picomatch
node_modules/picomatch

yaml 2.0.0 - 2.8.2
Severity: moderate
yaml is vulnerable to Stack Overflow via deeply nested YAML collections - GHSA-48c2-rrv3-qjmp
fix available via npm audit fix
node_modules/yaml

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
npm audit fix

Reviewer Checklist

  • Components are broken down into sensible and maintainable sub-components.
  • Styles are scoped to the component using it. If multiple components need to share CSS, then a .css file is created containing the shared CSS and imported into component scoped style sections.
  • Naming is consistent with existing code, and adequately describes the component or function being introduced.
  • Only functions utilizing Vue state or lifecycle hooks are named as composables (i.e. starting with 'use').
  • No module-level state is being introduced. If so, request the PR author to move the state to the corresponding Pinia store.

johnsimons self-assigned this Mar 25, 2026
johnsimons enabled auto-merge March 25, 2026 23:42
johnsimons requested a review from PhilBastian March 25, 2026 23:44
johnsimons merged commit 8f27f09 into master Mar 26, 2026
5 checks passed
johnsimons deleted the john/audit branch March 26, 2026 01:33