fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)

Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).

Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.

Also fixes immutable prototype pollution (npm audit fix).

Author: Serph91P

app/frontend/package-lock.json

@@ -38,5 +38,8 @@
     "vite-plugin-pwa": "^1.2.0",
     "vite-plugin-vue-devtools": "^8.0.7",
     "vue-tsc": "^3.2.5"
+  },
+  "overrides": {
+    "serialize-javascript": "^7.0.3"
   }
 }