Security: Patch 16 npm vulnerabilities (Next.js 15 upgrade & overrides)#1537

Open
ArshVermaGit wants to merge 1 commit into
Priyanshu-byte-coder:mainfrom
ArshVermaGit:main_2

Conversation

@ArshVermaGit

Description

This PR addresses the 16 security vulnerabilities (9 High, 7 Moderate) flagged by npm audit.

Crucially, we did not run npm audit fix --force, as doing so would have destructively downgraded next-auth to v3, downgraded next-pwa, and upgraded Next.js to an unstable v16 Canary branch. Instead, this PR takes a surgical approach to isolate and patch the vulnerable dependencies while preserving application stability.

Resolved Issue

Resolves #1536

Fixes:

  • 🛡️ Sub-dependency Overrides: Enforced safe versions of uuid (buffer bounds fix), serialize-javascript (RCE fix), glob (command injection fix), and esbuild using the overrides field in package.json.
  • 🛡️ PostCSS Bump: Updated postcss to ^8.5.10 to patch a known XSS vulnerability.
  • 🚀 Next.js 15 Upgrade: Safely bumped next and eslint-config-next to 15.1.x (Stable) to resolve multiple critical vulnerabilities natively within Next.js (including DoS via Image Optimizer, SSRF in middleware, and cache poisoning).
  • 🚀 Vitest Bump: Upgraded vitest to latest to ensure compatibility and patch a path traversal vulnerability in vite.

How to Verify

  1. Pull down this branch.
  2. Run npm install.
  3. Run npm audit and verify that the vulnerability count is at 0 (or severely reduced for non-fixable deep dependencies).
  4. Run npm run test and npm run test:e2e to ensure the Next.js 15 major version bump did not introduce regressions in routing or authentication.
  5. Run npm run build to ensure the production build still compiles successfully.
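A gate for the verification steps above, written as an added example that is not part of this PR: it checks that package.json carries an entry for each package the PR pins through overrides and that an `npm audit --json` report has no finding at or above a chosen severity. The names REQUIRED_OVERRIDES, missingOverrides, auditViolations and gatePasses are assumptions; the package.json and audit report are constructed inline, and the override version ranges are placeholders because the PR does not state them.

```javascript
// Added example, not the PR's own code: a gate for step 3 of "How to Verify".
// It checks that package.json carries the overrides this PR relies on and that
// an `npm audit --json` (auditReportVersion 2) report has no finding at or above
// a chosen severity. Inputs are constructed inline so the script runs offline.

// Packages the PR pins through the overrides field.
const REQUIRED_OVERRIDES = ['uuid', 'serialize-javascript', 'glob', 'esbuild'];

// Constructed package.json; the override ranges are placeholders because the
// PR does not state the exact ranges it used.
const packageJson = {
  dependencies: { next: '15.1.0', postcss: '^8.5.10' },
  overrides: {
    uuid: '<safe range from advisory>',
    'serialize-javascript': '<safe range from advisory>',
    glob: '<safe range from advisory>',
    esbuild: '<safe range from advisory>',
  },
};

// Constructed audit report: one moderate finding left in a deep dependency
// with no fix available, which step 3 tolerates.
const auditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'deep-dep-placeholder': { name: 'deep-dep-placeholder', severity: 'moderate',
                              isDirect: false, fixAvailable: false },
  },
};

// Required packages with no non-empty entry under "overrides".
function missingOverrides(pkg) {
  const overrides = pkg.overrides || {};
  return REQUIRED_OVERRIDES.filter((n) => typeof overrides[n] !== 'string' || overrides[n] === '');
}

// Names of findings whose severity is at or above minSeverity.
function auditViolations(report, minSeverity = 'high') {
  const rank = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
  return Object.values(report.vulnerabilities || {})
    .filter((v) => rank[v.severity] >= rank[minSeverity])
    .map((v) => `${v.name} (${v.severity})`);
}
// Overall verdict for the gate: true only when both checks pass.
function gatePasses(pkg, report, minSeverity = 'high') {
  return missingOverrides(pkg).length === 0 && auditViolations(report, minSeverity).length === 0;
}

console.log(gatePasses(packageJson, auditReport) ? 'gate passed' : 'gate failed');
```

In a real run, replace the two constructed objects with the parsed contents of ./package.json and the output of `npm audit --json`.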

@vercel

vercel Bot commented May 29, 2026

@ArshVermaGit is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:security GSSoC type bonus: security (+20 pts) labels May 29, 2026
@github-actions

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

Author

@ArshVermaGit ArshVermaGit left a comment


Hi @Priyanshu-byte-coder ! Issue #1536 has been resolved. Please review the PR and merge it under GSSoC. Thanks!

Labels

gssoc26 GSSoC 2026 contribution type:security GSSoC type bonus: security (+20 pts)

Development

Successfully merging this pull request may close these issues.

[BUG] High Severity Security Vulnerabilities Across Multiple Dependencies