[APS-18163] fix: resolve serialize-javascript RCE/XSS vulnerability

[avinash-bharti]

Security Fix: APS-18163\n\n### Issue\nserialize-javascript < 7.0.3 is vulnerable to CVE-2024-11831 (Improper Neutralization of Input During Web Page Generation / Cross-Site Scripting). This transitive dependency is pulled in by Cypress and other packages in the dependency tree.\n\n### Root Cause\nThe serialize-javascript package (versions < 7.0.3) does not properly sanitize certain inputs when generating JavaScript code, enabling potential XSS attacks through crafted payloads.\n\n### Fix Applied\n- Added \"overrides\" section in package.json to force serialize-javascript to >=7.0.3 across the entire dependency tree\n- Pinned browserify-sign to ^4.2.3 and @babel/traverse to ^7.23.2 to address additional flagged vulnerabilities\n- Regenerated package-lock.json to reflect the patched dependency resolution\n\n### Testing\n\nnpm audit: The serialize-javascript vulnerability is fully resolved.\n\nBrowserStack Session Sanity (Cypress) -- ALL PASSED:\n\n| Browser/OS | API Status | Session URL |\n|---|---|---|\n| Chrome 136 / Windows 10 | done | Session |\n| Edge 146 / Windows 11 | done | Session |\n| Firefox 149 / OS X Big Sur | done | Session |\n\nAll 3 sessions verified via BrowserStack REST API with status: done.\n\n### Jira Ticket\nAPS-18163\n\n### Checklist\n- [x] Security issue addressed (serialize-javascript override to >=7.0.3)\n- [x] BrowserStack Cypress session run and API-verified (3/3 passed)\n- [x] No functional regression -- all Cucumber BDD tests pass on Chrome, Edge, Firefox