Package Ecosystem Update to address upstream Security fixes by sscargal · Pull Request #1198 · MemMachine/MemMachine
Purpose of the change
Dependabot has identified 230 issues. This PR includes an audit of package dependencies for security vulnerabilities directly from the CLI, replicating what Dependabot does.
Description
As above. This PR updates packages identified as having CVE and other security issues.
Fixes/Closes
Closes many Dependabot issues.
Type of change
- Security (improves security without changing functionality)
How Has This Been Tested?
- Manual verification (list step-by-step instructions)
Ran these commands to find the issues

```bash
npm audit
uvx pip-audit -r requirements.txt
```

Ran these commands to fix the identified issues

```bash
npm audit fix
uv lock --upgrade-package <package_name>  # for packages pip-audit identified. uv will automatically bump them to the latest secure version allowed by your constraints.
```
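The "for packages pip-audit identified" step above is manual; the script below, an added example that is not part of this PR, triages a pip-audit JSON report (`pip-audit -r requirements.txt -f json`) into findings that have a published fix version and findings that do not, and emits one `uv lock --upgrade-package` command per fixable package. It assumes pip-audit's JSON shape (`dependencies[].vulns[].fix_versions`) and uses a constructed sample report rather than a real audit of this repository.

```python
"""Triage a pip-audit JSON report into fixable and unfixable findings.

pip-audit lists each dependency with its ``vulns``; every vuln carries a
``fix_versions`` list, which is empty when upstream has shipped no fix yet.
Packages with a fix version can be bumped with ``uv lock --upgrade-package``;
the rest need a manual decision (pin, replace, or accept the risk).
"""
import json

# Constructed sample in pip-audit's JSON shape; the vuln ids are placeholders,
# not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "examplelib", "version": "1.2.0",
         "vulns": [{"id": "PYSEC-0000-0001", "fix_versions": ["1.2.1"],
                    "aliases": ["CVE-0000-0001"], "description": "constructed"}]},
        {"name": "diskcache", "version": "5.6.3",
         "vulns": [{"id": "PYSEC-0000-0002", "fix_versions": [],
                    "aliases": [], "description": "constructed, no fix released"}]},
        {"name": "cleanlib", "version": "3.0.0", "vulns": []},
    ],
    "fixes": [],
})


def triage(report_json):
    """Return (fixable, unfixable): package name -> list of vuln ids."""
    report = json.loads(report_json)
    fixable, unfixable = {}, {}
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            bucket = fixable if vuln.get("fix_versions") else unfixable
            bucket.setdefault(dep["name"], []).append(vuln["id"])
    return fixable, unfixable


def upgrade_commands(fixable):
    """One `uv lock --upgrade-package` invocation per fixable package."""
    return [f"uv lock --upgrade-package {name}" for name in sorted(fixable)]


if __name__ == "__main__":
    fixable, unfixable = triage(SAMPLE_REPORT)
    for cmd in upgrade_commands(fixable):
        print(cmd)
    for name, ids in sorted(unfixable.items()):
        print(f"# no fix available yet: {name} ({', '.join(ids)})")
```

Pipe a real report in with `pip-audit -r requirements.txt -f json` and the unfixable bucket is the list to carry into the PR's "Further comments".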
Checklist
- I have signed the commit(s) within this pull request
- My code follows the style guidelines of this project (See STYLE_GUIDE.md)
- I have performed a self-review of my own code
- My changes generate no new warnings
- New and existing unit tests pass locally with my changes
- I have checked my code and corrected any misspellings
Maintainer Checklist
- Confirmed all checks passed
- Contributor has signed the commit(s)
- Reviewed the code
- Run, Tested, and Verified the change(s) work as expected
Screenshots/Gifs
N/A
Further comments
Not all CVEs have a fix.
Not all packages can be updated due to missing dependencies.
Because diskcache 5.6.3 is the latest version and the npm modules are blocked waiting on major ecosystem packages (like @discordjs and openclaw upgrading their own tar definitions), there are currently no non-breaking automated fixes available.