Fix cross-spawn security vulnerability without breaking webpack dependencies #109

Draft: wants to merge 2 commits into main

Conversation

@Copilot Copilot AI commented Jul 28, 2025

This PR resolves the cross-spawn ReDoS security vulnerability (GHSA-3xgq-45jj-v275) that was preventing Dependabot PR #75 from merging due to CI failures.

Problem

The original Dependabot PR #75 failed with the following error:

npm ERR! Found: webpack@4.44.2
npm ERR! node_modules/webpack
npm ERR! peer webpack@">=5.0.0" from terser-webpack-plugin@5.2.3
npm ERR! node_modules/terser-webpack-plugin

This occurred because the dependency update process attempted to upgrade terser-webpack-plugin to version 5.2.3, which requires webpack 5.0.0 or higher, but the project uses webpack 4.44.2.

Solution

Instead of forcing dependency upgrades that cause peer dependency conflicts, this PR uses npm audit fix to safely resolve the cross-spawn vulnerability. This approach:

  • Upgrades cross-spawn from 7.0.3 to 7.0.6 (which includes the security fix)
  • Maintains compatibility with existing webpack and build tool versions
  • Preserves all existing functionality without breaking changes

Verification

The fix has been verified by:

  1. Running npm install && npm run build successfully
  2. Confirming cross-spawn is upgraded to the secure version 7.0.6
  3. Ensuring no webpack or terser-webpack-plugin conflicts occur
  4. Testing both clean installs and builds

After this change, the remaining security vulnerabilities are in esbuild/vite which would require breaking changes and are outside the scope of this cross-spawn fix.

Fixes #108.



Co-authored-by: pamelafox <297042+pamelafox@users.noreply.github.com>
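The Verification section above can be turned into an automated lockfile check. The following is an added example and is not code from the PR or the project: it reads a package-lock.json (lockfileVersion 2/3 "packages" map), confirms cross-spawn is at or above the patched 7.0.6 release named in the PR, and reports any top-level package whose declared peer range is not satisfied by the installed version, which is the condition behind the npm ERR! output quoted above. The function names, the BEFORE/AFTER lockfile fragments and the terser-webpack-plugin 4.x entry are assumptions constructed for the example, and only the range shapes `>=X.Y.Z`, `^X.Y.Z`, an exact pin and `a || b` alternatives are handled.

```javascript
// Added example, not code from the PR or project: a post-`npm audit fix` guard for a
// package-lock.json (lockfileVersion 2/3 "packages" map). It checks that cross-spawn is at
// or above the patched release and that no top-level package has an unsatisfied peer range,
// which is what the npm ERR! output in the PR reported for terser-webpack-plugin/webpack.
const PATCHED_CROSS_SPAWN = '7.0.6'; // from the PR; the release that fixes GHSA-3xgq-45jj-v275

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) { // -1, 0 or 1, comparing major.minor.patch numerically
  const [x, y] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

function satisfies(version, range) { // supports ">=X", "^X", exact "X" and "a || b"
  return range.split('||').some(raw => {
    const r = raw.trim();
    if (r.startsWith('>=')) return compare(version, r.slice(2)) >= 0;
    if (r.startsWith('^')) return parseSemver(version)[0] === parseSemver(r.slice(1))[0] && compare(version, r.slice(1)) >= 0;
    return compare(version, r) === 0; // exact pin
  });
}

// Returns human-readable findings; an empty array means the lockfile passes both checks.
function auditLockfile(lock) {
  const installed = {}; // top-level node_modules entries only; nested copies are skipped
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (p.startsWith('node_modules/') && !p.includes('node_modules/', 13)) installed[p.slice(13)] = meta;
  }
  const findings = [];
  const cs = installed['cross-spawn'];
  if (cs && compare(cs.version, PATCHED_CROSS_SPAWN) < 0) findings.push(`cross-spawn@${cs.version} is below patched ${PATCHED_CROSS_SPAWN}`);
  for (const [name, meta] of Object.entries(installed)) {
    for (const [peer, range] of Object.entries(meta.peerDependencies || {})) {
      const have = installed[peer];
      if (have && !satisfies(have.version, range)) findings.push(`${name}@${meta.version} needs peer ${peer}@"${range}" but ${peer}@${have.version} is installed`);
    }
  }
  return findings;
}

// Constructed lockfile fragments mirroring the PR's before/after state (not the project's real lockfile).
const BEFORE = { packages: { 'node_modules/webpack': { version: '4.44.2' }, 'node_modules/cross-spawn': { version: '7.0.3' },
  'node_modules/terser-webpack-plugin': { version: '5.2.3', peerDependencies: { webpack: '>=5.0.0' } } } };
const AFTER = { packages: { 'node_modules/webpack': { version: '4.44.2' }, 'node_modules/cross-spawn': { version: '7.0.6' },
  'node_modules/terser-webpack-plugin': { version: '4.2.3', peerDependencies: { webpack: '^4.0.0 || ^5.0.0' } } } };
```

Run `auditLockfile(JSON.parse(fs.readFileSync('package-lock.json')))` in CI and fail the job when the returned array is non-empty.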
@Copilot Copilot AI changed the title from "[WIP] Dependabot PR #75 to upgrade cross-spawn failed CI" to "Fix cross-spawn security vulnerability without breaking webpack dependencies" Jul 28, 2025
@Copilot Copilot AI requested a review from pamelafox July 28, 2025 16:33
Copilot finished work on behalf of pamelafox July 28, 2025 16:33
Successfully merging this pull request may close these issues.

Dependabot PR #75 to upgrade cross-spawn failed CI