Vulnerable dependencies reported during build process

[martin-kokos]

When building, npm reports many deprectaions and vulnerabilities: 22 vulnerabilities (1 low, 8 moderate, 12 high, 1 critical)

make[2]: Entering directory '/home/x/repos/activitywatch/aw-server-rust/aw-webui'
npm ci
npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: '@achrinza/node-ipc@9.2.7',
npm warn EBADENGINE   required: {
npm warn EBADENGINE     node: '8 || 9 || 10 || 11 || 12 || 13 || 14 || 15 || 16 || 17 || 18 || 19 || 20'
npm warn EBADENGINE   },
npm warn EBADENGINE   current: { node: 'v22.2.0', npm: '10.7.0' }
npm warn EBADENGINE }
npm warn deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm warn deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm warn deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm warn deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm warn deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm warn deprecated rollup-plugin-terser@7.0.2: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser
npm warn deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm warn deprecated consolidate@0.15.1: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm warn deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm warn deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated workbox-cacheable-response@6.6.0: workbox-background-sync@6.6.0
npm warn deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1

added 2200 packages, and audited 2201 packages in 39s

225 packages are looking for funding
  run `npm fund` for details

22 vulnerabilities (1 low, 8 moderate, 12 high, 1 critical)

Is it possible to bump at least vulnerable versions?

[TimeToBuildBob]

Submitted PR #771 to reduce vulnerabilities via npm overrides (37 → 32).

The remaining 32 vulnerabilities are all rooted in the Vue 2 ecosystem (vue 2.x is EOL) — they cannot be resolved without a Vue 3 migration. The fixable transitive deps (minimatch, webpack-dev-server) are now overridden to patched versions.

Previously PR #762 also fixed some (qs, babel).