Resolve npm audit vulnerabilities in fast-uri and webpack-dev-server

[thunderavi]

Problem

npm audit --audit-level=moderate reports one high severity advisory and one moderate severity advisory.

Reproduction

npm ci
npm audit --audit-level=moderate

Current result

• fast-uri <=3.1.1: high severity path traversal / host confusion advisories.
• webpack-dev-server <=5.2.3: moderate severity cross-origin source code exposure advisory.

Expected result

npm audit --audit-level=moderate should pass with zero known moderate-or-higher vulnerabilities.

Suggested fix

Run npm audit fix or manually update the dependency chain that brings in these versions, then verify lockfile changes and the test suite.

[kotebhakti30]

Hi @thunderavi,

I would like to work on this issue under GSSoC'26.

Description

After reviewing the issue, I understand that the Jest test suite currently fails on a clean installation because several tests depend on optional peer dependencies that are not installed by default. This prevents contributors from running the test suite successfully after a standard npm ci.

Possible Cause

Some test files directly reference optional provider packages such as pg, @tensorflow/tfjs, @google/genai, sql.js, stripe, @sentry/node, nodemailer, and @aws-sdk/client-s3. Since these packages are not installed in a default setup, Jest encounters module resolution failures and terminates the test run.

Proposed Fix

• Identify all failing test suites that rely on optional dependencies
• Implement appropriate virtual mocks for optional provider packages where required
• Review whether specific dependencies should be moved to development dependencies for testing purposes
• Separate provider-specific tests from the default test suite when appropriate
• Ensure optional integrations do not break the core testing workflow
• Validate that the test suite passes successfully after a clean npm ci

Expected Outcome

• Contributors can run the default test suite successfully without installing optional provider packages
• Jest tests become more reliable and contributor-friendly
• Optional integrations remain testable without affecting the core CI workflow
• Improved project onboarding and development experience

Please assign this issue to me. Thank you!