
chore: dependabot vulnerability fix#877

Merged: Roopan-Microsoft merged 1 commit into dev-v4 from dependabotFix-az on Mar 26, 2026

Conversation

@Ayaz-Microsoft (Contributor)

Purpose

  • Vulnerabilities count: Critical - 1, High - 13

Does this introduce a breaking change?

  • Yes
  • No

How to Test

  • Get the code:
      git clone [repo-address]
      cd [repo-name]
      git checkout [branch-name]
      npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

Other Information

Copilot AI (Contributor) left a comment


Pull request overview

Updates dependency pins/lockfiles across backend, MCP server, and frontend to address reported security vulnerabilities.

Changes:

  • Bump Python deps in backend (fastapi, nltk, pyasn1, plus updated lockfile transitive deps like starlette).
  • Bump MCP server deps (fastmcp and lockfile updates including authlib/pyjwt transitive changes).
  • Add/override frontend npm deps to remediate vulnerabilities (rollup, flatted, and minimatch override) and refresh package-lock.json.

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated 2 comments.

Summary per file:
  • src/mcp_server/uv.lock: Updates locked Python packages for the MCP server (e.g., authlib/fastmcp/pyjwt).
  • src/mcp_server/pyproject.toml: Bumps fastmcp runtime dependency pin.
  • src/frontend/package.json: Adds dev dependency pins and an npm overrides entry for vulnerable transitive deps.
  • src/frontend/package-lock.json: Refreshes lockfile to reflect the updated/overridden npm dependency graph.
  • src/backend/uv.lock: Updates locked Python packages for the backend (e.g., fastapi/nltk/pyasn1 and new transitive deps).
  • src/backend/pyproject.toml: Bumps backend runtime dependency pins (fastapi, nltk, pyasn1).

Files not reviewed (1):
  • src/frontend/package-lock.json: Language not supported

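The review above notes that the frontend fix relies on an npm `overrides` entry to force a transitive dependency (minimatch) onto a patched version. An override only helps if the regenerated lockfile actually resolves every copy of that package to the patched range; nested copies under another package's `node_modules` can survive. The following is an added example, not code from this PR or its repository, that reads a `package.json` overrides map and a `package-lock.json` (lockfileVersion 2/3 `packages` map) and reports any install path still below the override floor. The sample lockfile, package names and version numbers are constructed for illustration and are not the versions used in the PR.

```python
"""Verify that npm 'overrides' in package.json took effect in package-lock.json.

Added example; not code from the PR. The sample package.json, lockfile and
version numbers below are constructed for illustration only.
"""
import json
from typing import Dict, List, Tuple

# Constructed sample package.json with a single override for a transitive dep.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "frontend",
    "overrides": {"minimatch": "^9.0.0"},
})

# Constructed sample lockfile: the top-level copy of minimatch was overridden,
# but a nested copy under "glob" still resolves to an old release.
SAMPLE_LOCK = json.dumps({
    "name": "frontend",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "frontend", "devDependencies": {"rollup": "^4.0.0"}},
        "node_modules/minimatch": {"version": "9.0.5"},
        "node_modules/glob": {"version": "7.2.3",
                              "dependencies": {"minimatch": "^3.1.1"}},
        "node_modules/glob/node_modules/minimatch": {"version": "3.1.2"},
        "node_modules/rollup": {"version": "4.22.4"},
    },
})


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '9.0.5' into (9, 0, 5); pre-release/build tags are ignored here."""
    core = v.split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def installed_versions(lock_text: str, package: str) -> Dict[str, str]:
    """Map every install path of `package` in the lockfile to its version.

    Keys of the 'packages' map are filesystem paths; the package name is the
    segment after the last 'node_modules/' (scoped names keep their '@scope/').
    Nested copies show up as separate paths, which is exactly what an override
    check needs to see.
    """
    lock = json.loads(lock_text)
    found: Dict[str, str] = {}
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        if name == package and "version" in meta:
            found[path] = meta["version"]
    return found


def below_minimum(lock_text: str, package: str, minimum: str) -> List[str]:
    """Return install paths whose resolved version is older than `minimum`."""
    floor = parse_version(minimum)
    return [path for path, ver in installed_versions(lock_text, package).items()
            if parse_version(ver) < floor]


def override_floor(spec: str) -> str:
    """Lowest version an override spec such as '^9.0.0' or '9.0.5' allows."""
    return spec.lstrip("^~>=")


def unsatisfied_overrides(package_json_text: str, lock_text: str) -> Dict[str, List[str]]:
    """For each string-valued override, list lockfile paths that still fall below it."""
    pkg = json.loads(package_json_text)
    problems: Dict[str, List[str]] = {}
    for name, spec in pkg.get("overrides", {}).items():
        if not isinstance(spec, str):
            continue  # nested per-parent override objects are out of scope here
        bad = below_minimum(lock_text, name, override_floor(spec))
        if bad:
            problems[name] = bad
    return problems


if __name__ == "__main__":
    # On a real checkout, read src/frontend/package.json and package-lock.json
    # instead of the constructed samples.
    for name, paths in unsatisfied_overrides(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK).items():
        print(f"override for {name} not honoured at: {', '.join(paths)}")
```

Running this against the real `src/frontend/package.json` and `package-lock.json` after `npm install` is a cheap CI gate: an empty result means every resolved copy satisfies the override, while a non-empty result points at the exact nested path that still needs attention.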

Ayaz-Microsoft changed the title from "fix: dependabot vulnerability fix" to "deps: dependabot vulnerability fix" on Mar 26, 2026
Ayaz-Microsoft changed the title from "deps: dependabot vulnerability fix" to "chore: dependabot vulnerability fix" on Mar 26, 2026
Roopan-Microsoft merged commit 3dd6d83 into dev-v4 on Mar 26, 2026
9 of 11 checks passed