Merge pull request #2531 from cfpb/2489-snyk-security-vulnerability-patch

Addresses vulnerabilities identified by snyk, veracode, and dependabot.

## Changes

### depenedencies
- `@uswds/compile`: `1.2.0` -> `1.3.1`
- `ansi-html`: `0.0.8` -> `0.0.9`
- `http-proxy-middleware`: `2.0.7` to `2.0.8`
- `vite`: `5.4.15` -> `5.4.19`

### resolutions
- `cross-spawn`: `>=7.0.6` (used by Jest, Jest v30 will resolve this vulnerability but is currently still in beta)
- `glob`: `>=10.4.5` (this version removes the vulnerable inflight package that is used by Jest: Jest v30 will resolve this vulnerability but is currently still in beta)

## Testing

1. Does the site function normally?
2. Do all the tests still pass?

Closes #2489
Addresses #4869 (ENT)

Author: billhimmelsbach

package.json

@@ -30,9 +30,9 @@
     "@redux-devtools/extension": "^3.3.0",
     "@reduxjs/toolkit": "^1.9.7",
     "@tanstack/react-table": "8.20.5",
-    "@uswds/compile": "^1.2.0",
+    "@uswds/compile": "^1.3.1",
     "@uswds/uswds": "3.9.0",
-    "ansi-html": "0.0.8",
+    "ansi-html": "0.0.9",
     "csv-parse": "4.16.3",
     "date-fns": "^4.1.0",
     "detect-browser": "4.8.0",
@@ -91,11 +91,11 @@
     "enzyme": "3.11.0",
     "enzyme-adapter-react-16": "1.15.2",
     "eslint-plugin-prettier": "3.1.1",
-    "http-proxy-middleware": "2.0.7",
+    "http-proxy-middleware": "2.0.9",
     "jest": "^29.7.0",
     "react-icons": "^4.4.0",
     "serialize-javascript": "5.0.1",
-    "vite": "5.4.15",
+    "vite": "5.4.19",
     "vite-plugin-node-polyfills": "0.22.0",
     "vite-plugin-svgr": "^4.1.0"
   },
@@ -118,7 +118,9 @@
     "dompurify": "3.2.4",
     "esbuild": "0.25.0",
     "canvg": "3.0.11",
-    "elliptic": "6.6.1"
+    "elliptic": "6.6.1",
+    "cross-spawn": ">=7.0.6",
+    "glob": ">=10.4.5"
   },
   "packageManager": "yarn@4.1.0"
 }