🛡️ chore: Bump ESLint Tooling Deps and Resolve ajv Security Vulnerability#11938

Merged: danny-avila merged 2 commits into dev from chore/bump-eslint, Feb 25, 2026

Conversation

Owner

@danny-avila danny-avila commented Feb 25, 2026

Summary:

I updated ESLint-related dependencies and postcss-preset-env to address a moderate-severity ReDoS vulnerability in ajv (GHSA-2g4f-4pwh-qvx6) and refresh stale PostCSS tooling.

  • Add an npm override pinning ajv to 6.14.0 under eslint to remediate the ReDoS vulnerability in the transitive ajv@6.12.6 dependency (eslint → @eslint/eslintrc → ajv).
  • Bump @eslint/eslintrc from ^3.3.1 to ^3.3.4 to pick up the latest patch fixes.
  • Upgrade postcss-preset-env from ^8.2.0 to ^11.2.0, which is ESM-only but compatible via require(esm) on our Node 20.19.0+ floor. No CSS nesting is used in the codebase, so the v10 nesting-order behavior change has no impact.

Change Type

  • Bug fix (non-breaking change which fixes an issue)

Testing

Run npm audit and verify ajv no longer appears as a vulnerability. Run npm run build and npm run frontend:dev to confirm the PostCSS upgrade doesn't introduce build regressions.

Test Configuration:

  • Node.js v20.19.0+
  • npm 11.x

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • My changes do not introduce new warnings

…ge-lock.json` and `package.json` to latest versions for improved stability and performance
…ck.json` and `client/package.json`, and add `eslint` dependency in `package.json` for improved linting support
Copilot AI review requested due to automatic review settings February 25, 2026 02:23
Contributor

Copilot AI left a comment


Pull request overview

This PR bumps ESLint-related dependencies and PostCSS tooling as part of a maintenance update. The changes include a minor update to @eslint/eslintrc and a major version jump for postcss-preset-env, along with associated transitive dependency updates.

Changes:

  • Bumped @eslint/eslintrc from ^3.3.1 to ^3.3.4 with ajv updated from 6.12.6 to 6.14.0
  • Upgraded postcss-preset-env from ^8.2.0 to ^11.2.0 (skipping major versions 9, 10, 11)
  • Added npm override to pin ajv to version 6.14.0 for ESLint packages

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.

Files reviewed:

  • package.json: Updated @eslint/eslintrc version and added eslint.ajv override
  • package-lock.json: Resolved all transitive dependency updates, including major version bumps for @csstools packages, autoprefixer, and PostCSS plugins
  • client/package.json: Updated postcss-preset-env to match breaking changes


Comment on lines +168 to +171
"langsmith": "0.4.12",
"eslint": {
"ajv": "6.14.0"
}
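Review bot: the override `"eslint": { "ajv": "6.14.0" }` only rewrites ajv where it is reached through eslint's dependency graph and pins it to one exact version, so two follow-ups are worth doing before relying on it. First, confirm after `npm install` that no ajv 6.x below 6.14.0 remains anywhere in package-lock.json (for example with `npm ls ajv`), since a copy pulled in by a package other than eslint is not touched by this key. Second, because the pin is exact rather than a range, the next ajv 6.x fix will need a manual bump here; recording that in the PR description keeps the intent clear for whoever next runs `npm audit`.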

Copilot AI Feb 25, 2026


The postcss-preset-env upgrade from ^8.2.0 to ^11.2.0 (skipping major versions 9, 10, 11) introduces a critical Node.js version requirement. All the new @csstools packages and postcss-preset-env itself now require Node.js >=20.19.0. The Dockerfile currently uses node:20-alpine which may not meet this requirement depending on the specific 20.x version available. This could lead to runtime errors when building or running the application.

To ensure compatibility, please verify that:

  1. The Node.js version in the Docker image is at least 20.19.0
  2. Local development environments meet this requirement
  3. CI/CD pipelines use a compatible Node version

Consider explicitly specifying node:20.19-alpine or later in the Dockerfile to prevent version mismatch issues.

},
"langsmith": "0.4.12"
"langsmith": "0.4.12",
"eslint": {

Copilot AI Feb 25, 2026


The eslint.ajv override structure appears unusual. According to npm's overrides documentation, the typical pattern for nested overrides would be:

"eslint": {
  "ajv": "6.14.0"
}

However, this creates an override path suggesting ajv is a dependency of eslint. Looking at the package-lock.json, ajv is actually a dependency of @eslint/eslintrc (which is a dependency of eslint).

The more precise override path would be:

"@eslint/eslintrc": {
  "ajv": "6.14.0"
}

or for the full path:

"eslint": {
  "@eslint/eslintrc": {
    "ajv": "6.14.0"
  }
}

While the current structure may work due to npm's resolution algorithm, it's not the standard pattern and could lead to confusion or unintended side effects.

Suggested change
"eslint": {
"@eslint/eslintrc": {

@danny-avila danny-avila changed the title chore/bump eslint 🛡️ chore: Bump ESLint Tooling Deps and Resolve ajv Security Vulnerability Feb 25, 2026
@danny-avila danny-avila merged commit 59bd27b into dev Feb 25, 2026
8 checks passed
@danny-avila danny-avila deleted the chore/bump-eslint branch February 25, 2026 02:30
