Update npm packages to fix security vulnerabilities

[Copilot]

Addresses security vulnerabilities identified by npm audit in both frontend and backend packages.

Backend (8 → 0 vulnerabilities)

• mongoose ^5.10.9 → ^6.13.6: Fixes critical search injection vulnerabilities (GHSA-m7xq-9374-9rvx, GHSA-vg7j-7cwx-8wgw)
• nodemon ^2.0.4 → ^3.1.11: Fixes semver ReDoS via simple-update-notifier
• axios, express, form-data, brace-expansion: Auto-fixed via npm audit fix

Frontend (149 → 9 vulnerabilities)

• react-scripts 4.0.3 → ^5.0.1: Resolves majority of deep dependency vulnerabilities

Remaining 9 vulnerabilities are dev-only transitive dependencies (webpack-dev-server, svgo, postcss) that cannot be resolved without breaking changes and do not affect production builds.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>update npm pakages incase of any security issues</issue_title>
<issue_description>Please have a look this issue and fix security issues based on packages.
Becareful about breaking changes so you don't need to use latest versions in case of an conflict etc</issue_description>

<agent_instructions>good luck</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes update npm pakages incase of any security issues #3

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.