Consolidate Dependabot security fixes (#2–#9) into single PR #12

Merged
ahernandez411 merged 2 commits into master from copilot/create-single-pr-with-dependabot-fixes
Mar 6, 2026
Copilot AI commented Mar 6, 2026

Eight separate Dependabot PRs each addressed individual transitive/dev dependency vulnerabilities. This consolidates all of them into one reviewable change.

Direct dependency update (package.json)

  • semantic-release: ^17.0.4 → ^19.0.3

Security fixes via regenerated package-lock.json

| Package | Fix | Vulnerability |
| --- | --- | --- |
| decode-uri-component | 0.2.0 → 0.2.2 | DoS (GHSA-w573-4hg7-7wgq) |
| json5 | 1.0.1 → 1.0.2 | Prototype pollution |
| qs | 6.5.2 → 6.5.3 | Prototype pollution |
| loader-utils | 1.4.0 → 1.4.2 | ReDoS + prototype pollution |
| ansi-regex | → 5.0.1 | ReDoS (CVE-2021-3807) |
| minimist | 1.2.5 → 1.2.8 | Prototype pollution |
| handlebars | updated | Prototype pollution |
| @semantic-release/npm | 7.0.5 → 7.1.3 | (+ got removed as unused dep) |

Original prompt

This section details the original issue you should resolve

<issue_title>Create a single PR with Dependabot PR fixes 2-9</issue_title>
<issue_description>Dependabot created #2, #3, #4, #5, #6, #7, #8, and #9. Can you create a single PR with the fixes of all the others in it. The goal would be to have a single PR that does what is in all the others. It's easier to review a single PR vs tons of separate ones.</issue_description>

Comments on the Issue (you are @copilot in this section)


Co-authored-by: ahernandez411 <11199284+ahernandez411@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Create a single PR with Dependabot PR fixes 2-9" to "Consolidate Dependabot security fixes (#2–#9) into single PR" Mar 6, 2026
ahernandez411 marked this pull request as ready for review March 6, 2026 22:39
ahernandez411 merged commit 7addef8 into master Mar 6, 2026
2 checks passed
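
Added example (not part of this PR or the project's code): a reviewer-side check that a regenerated package-lock.json really carries every fix in the table above, including nested copies that a lockfile can keep pinned under another package. The names `FLOORS`, `findBelowFloor` and `SAMPLE_LOCK` are hypothetical, and the sample lockfile is constructed. It assumes each fixed version in the table can be treated as a floor, so a copy on a different release line that it reports needs manual review.

```javascript
// Fixed versions from the PR's table, treated as floors; handlebars has none listed.
const FLOORS = new Map(Object.entries({
  "decode-uri-component": "0.2.2", "json5": "1.0.2", "qs": "6.5.3",
  "loader-utils": "1.4.2", "ansi-regex": "5.0.1", "minimist": "1.2.8",
  "@semantic-release/npm": "7.1.3",
}));

// Compare x.y.z versions numerically; prerelease/build suffixes are ignored.
function cmp(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(/[-+]/)[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return Math.sign(pa[i] - pb[i]);
  return 0;
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; null for root/workspaces.
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? null : p.slice(i + "node_modules/".length);
}

// Yield [name, version, location] per copy; lockfile v1 nests, v2/v3 use a flat map.
function* copies(lock) {
  if (!lock.packages) return yield* walkV1(lock.dependencies || {}, "");
  for (const [path, meta] of Object.entries(lock.packages))
    if (nameFromPath(path) && meta.version) yield [nameFromPath(path), meta.version, path];
}
function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps)) {
    if (meta.version) yield [name, meta.version, prefix + name];
    yield* walkV1(meta.dependencies || {}, prefix + name + " > ");
  }
}

function findBelowFloor(lock, floors = FLOORS) {
  const hits = [];
  for (const [name, version, where] of copies(lock)) {
    const floor = floors.get(name);
    if (!floor || !/^\d+\.\d+\.\d+/.test(version)) continue; // skip git/file specs
    if (cmp(version, floor) < 0) hits.push({ name, version, floor, where });
  }
  return hits;
}

// Constructed sample: the top-level minimist is fixed, a nested copy is not.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "demo" },
  "node_modules/minimist": { version: "1.2.8" },
  "node_modules/mkdirp/node_modules/minimist": { version: "1.2.5" },
} };
console.log(findBelowFloor(SAMPLE_LOCK));
```

To run it against a real lockfile, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findBelowFloor`; an empty result means no installed copy is below a listed version.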