Resolve npm audit vulnerabilities and linting issues

[Copilot]

Fixes 9 security vulnerabilities and eliminates all linting errors/warnings.

Security Updates

• Updated vulnerable dependencies via npm audit fix:
  • @babel/runtime 7.26.7 → 7.28.6 (inefficient RegExp)
  • axios (DoS vulnerabilities)
  • react-router / react-router-dom (CSRF, XSS)
  • vite (file serving bypass)
  • lodash, js-yaml, brace-expansion, diff

Linting Fixes

• PlaceSitemapPage.tsx: Removed @ts-nocheck, added type assertions for recursive tree navigation:

  // Before: @ts-nocheck suppressing errors
  <ListComponents tree={value} level={level + 1} />
  
  // After: Proper typing
  <ListComponents 
    tree={value as Record<string, unknown> | Webcam} 
    level={(level + 1) as 0 | 1 | 2 | 3 | 4} 
  />

• Removed invalid sonarjs/cognitive-complexity rule from utils/collect.ts
• Added descriptions to @ts-expect-error directives in youtubeLint.ts
• Cleaned up 25 unused eslint-disable directives across 9 files
• Added React version detection to eslint config

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node scripts/postinstall.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.