Resolve npm audit vulnerabilities and fix ESLint configuration

[Copilot]

Addresses all npm audit security vulnerabilities in the VSCode extension and fixes broken linter configuration.

Dependency Updates

Updated three dependencies via npm audit fix:

• lodash 4.17.21 → 4.17.23 - Prototype Pollution in _.unset/_.omit (GHSA-xxjr-mmjv-4gpg)
• qs 6.14.0 → 6.14.1 - DoS via memory exhaustion (GHSA-6rw7-vpxm-498p)
• undici 6.21.3 → 6.23.0 - Resource exhaustion via unbounded decompression (GHSA-g9mf-h72j-4rw9)

ESLint Configuration Fix

Renamed .eslintrc.js → .eslintrc.cjs to resolve CommonJS module error. The package.json specifies "type": "module", requiring .cjs extension for CommonJS config files.

Changelog

Added v1.0.69 entry documenting dependency updates and configuration fix.

Original prompt

Combine the dependency bumps from #711, #710 and #704 into one PR that also resolves any other issues posed by npm audit as well. Be sure to also add an update to the change log appropriately.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[gfs]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 3 pipeline(s).

[gfs]

/azp run

[gfs]

@copilot does this PR also cover the change in #704?

[Copilot]

@copilot does this PR also cover the change in #704?

Yes, the tar-fs dependency from PR #704 is already at version 2.1.4 in the current package-lock.json. It was updated in a prior commit (dfbcb5b), so this PR maintains that update.

This PR explicitly updated:

• lodash: 4.17.21 → 4.17.23
• qs: 6.14.0 → 6.14.1 (PR Bump qs from 6.14.0 to 6.14.1 in /DevSkim-VSCode-Plugin #710)
• undici: 6.21.3 → 6.23.0

All three dependency updates from #704, #710, and #711 are covered in the current state.

[gfs]

Superceded by #716