Fix all Dependabot issues marked "Critical"

[mfarina1]

• https://github.com/NASA-AMMOS/anms/security/dependabot/21
• https://github.com/NASA-AMMOS/anms/security/dependabot/20
• https://github.com/NASA-AMMOS/anms/security/dependabot/19
• https://github.com/NASA-AMMOS/anms/security/dependabot/8
• https://github.com/NASA-AMMOS/anms/security/dependabot/7
• https://github.com/NASA-AMMOS/anms/security/dependabot/4

[mfarina1]

The following are each of the issues with solutions and time estimations, as per @njbrunner 's analysis:
#21: crypto-js
Issues:
The default cryptographic hash algorithm is insecure
Only uses a single iteration
Solutions:
Upgrade package version to 4.2.0 (latest) where the default hash algorithm and number of iterations has been updated
Replace the package usage with the native Crypto module that is built into NodeJS
Considerations:
My recommendation would be to proceed with replacing this package with the native Crypto module as active development on this package has been suspended and is no longer maintained.
Resolution:
Remove crypto-js as a dependency
Locate all usages of crypto-js in the application code and replace with usage of the native Crypto module
Time Estimation:
1 to 2 days of work to find/replace all usage of crypto-js and complete testing

#20, #19: Babel
Issue:
@babel/traverse < 7.23.2 is vulnerable to arbitrary code execution when compiling
Solution:
We don’t directly utilize @babel/traverse but the likely culprit is @bable/polyfill. @babel/polyfill has been deprecated in favor of directly including core-js/stable. Therefore we should remove this package and implement core-js/stable.
Considerations:
@babel/polyfill is deprecated in favor of core-js/stable
Resolution:
Remove @babel/polyfill as a dependency from the anms-ui/server and anms-ui/public
Locate all usages of @babel/polyfill in the application code and replace with usage of the core-js/stable module
Time Estimation:
1 to 2 days of work to find/replace all usage of @bable/polyfill and complete testing

#8: flat
Issue:
Flat < 5.0.1 has a vulnerability that leads to improperly controlled modification of object prototype attributes
Solution:
Upgrade flat to the latest version 6.0.1
Considerations:
Release notes should be reviewed to ensure compatibility
Resolution:
Upgrade flat to version 6.0.1
Update any necessary usages based on new version
Time Estimation:
1 day to update the version and complete testing

#7: webpack loader-utils
Issue:
Prototype pollution vulnerability in loader-utils < 1.4.1
Solution:
Loader-utils likely comes from our usage of webpack, we should upgrade webpack to a version that supports a higher version of loader-utils (5.95.0, latest) with a vulnerability patch
Considerations:
Release notes should be reviewed to ensure compatibility of a new webpack version
Resolution:
Upgrade webpack to latest version 5.95.0
Time Estimation:
2 days to upgrade webpack and complete testing

#4: ejs
Issue:
Template injection vulnerability in ejs < 3.1.7
Solution:
Upgrade ejs to the latest version 3.1.10
Considerations:
We should inspect the code to validate that the ejs package is actually being utilized
Since our application is built with Vue, it shouldn’t be necessary to use ejs
Resolution:
Determine whether the use of ejs is necessary, if so upgrade ejs package to 3.1.10
Time Estimation:
2 days to inspect code and determine the need for ejs, upgrade to 3.1.10 if necessary, and complete testing