
Sync PR for dependabot issues#1715

Merged
subodhr258 merged 2 commits into develop from main on Mar 11, 2026

Conversation

@subodhr258

This pull request updates several dependencies in the package.json file and introduces an overrides section to address specific sub-dependency versions for improved security and compatibility. The main focus is on keeping the build tooling and related packages up to date and secure.

Dependency updates:

  • Bumped @wordpress/scripts from version 30.21.0 to 31.5.0 to ensure compatibility with the latest WordPress development tools.
  • Updated css-minimizer-webpack-plugin from 7.0.2 to 8.0.0 for improved CSS optimization and compatibility.

Dependency management and security:

  • Added an overrides section to explicitly specify sub-dependency versions for @wordpress/scripts, minimatch, and monaco-editor to address known issues and vulnerabilities in certain version ranges.

…t alerts (#1690)

* fix: Updates minimatch patch version to above 3.1.3

* fix: Bumped version of css-minimizer-webpack-plugin and @wordpress/scripts

* fix: Dep alerts by overriding svgo, minimatch, immutable, serialize-javascript and webpack-dev-server npm packages

* chore: Remove ^ in package.json
@github-actions

🔍 WordPress Plugin Check Report

⚠️ Status: Passed with warnings

📊 Report

| 🎯 Total Issues | ❌ Errors | ⚠️ Warnings |
|---|---|---|
| 16 | 0 | 16 |

⚠️ Warnings (16)

📁 composer.json (1 warning)

| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
| 0 | missing_composer_json_file | The "/vendor" directory using composer exists, but "composer.json" file is missing. |

📁 readme.txt (2 warnings)

| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
| 0 | mismatched_plugin_name | Plugin name "GoDAM - Organize WordPress Media Library & File Manager with Unlimited Folders for Images, Videos & more" is different from the name declared in plugin header "GoDAM". |
| 0 | trademarked_term | The plugin name includes a restricted term. Your chosen plugin name - "GoDAM - Organize WordPress Media Library & File Manager with Unlimited Folders for Images, Videos & more" - contains the restricted term "wordpress" which cannot be used at all in your plugin name. |

📁 assets/build/css/main.css (1 warning)

| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
| 0 | EnqueuedStylesScope | This style is being loaded in all contexts. |

📁 assets/src/libs/analytics.min.js (6 warnings)

| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
| 0 | EnqueuedScriptsScope | This script is being loaded in all frontend contexts. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880 (with handle analytics-library) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/2026/03/10/hello-world/ (with handle analytics-library) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/sample-page/ (with handle analytics-library) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/demo-attachment-post/ (with handle analytics-library) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/?godam-video=demo-godam-video-post (with handle analytics-library) is loaded in the footer. Consider a defer or async script loading strategy instead. |

📁 assets/build/js/main.min.js (6 warnings)

| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
| 0 | EnqueuedScriptsScope | This script is being loaded in all frontend contexts. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880 (with handle rtgodam-script) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/2026/03/10/hello-world/ (with handle rtgodam-script) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/sample-page/ (with handle rtgodam-script) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/demo-attachment-post/ (with handle rtgodam-script) is loaded in the footer. Consider a defer or async script loading strategy instead. |
| 0 | NonBlockingScripts.NoStrategy | This script on http://localhost:8880/?godam-video=demo-godam-video-post (with handle rtgodam-script) is loaded in the footer. Consider a defer or async script loading strategy instead. |

🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check


Copilot AI left a comment


Pull request overview

This PR updates JavaScript build tooling dependencies and introduces npm overrides to pin specific transitive dependency versions, aiming to address security/vulnerability advisories and improve compatibility of the project’s frontend build pipeline.

Changes:

  • Bump @wordpress/scripts from 30.21.0 to 31.5.0.
  • Bump css-minimizer-webpack-plugin from 7.0.2 to 8.0.0.
  • Add overrides entries to pin/patch transitive dependencies (e.g., svgo, minimatch, serialize-javascript, webpack-dev-server, dompurify).


"minimatch@<3.1.5": "3.1.5",
"immutable@>=5.0.0 <5.1.5": "5.1.5",
"serialize-javascript@<7.0.3": "7.0.3",
"webpack-dev-server@<5.2.1": "5.2.1"
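Review bot: the override keys visible here (minimatch, immutable, serialize-javascript, webpack-dev-server) do not match the PR description, which lists @wordpress/scripts, minimatch and monaco-editor; the commit message's list (svgo, minimatch, immutable, serialize-javascript, webpack-dev-server) is the accurate one, so update the description so that each override can be traced to its Dependabot alert. Range keys such as `"minimatch@<3.1.5": "3.1.5"` only rewrite copies whose resolved version falls inside the range, so after `npm install` confirm with `npm ls minimatch immutable serialize-javascript webpack-dev-server` that no copy below the pinned version remains in package-lock.json, and commit the regenerated lockfile together with this change.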
Copilot AI Mar 10, 2026

The overrides entry forces webpack-dev-server to 5.2.1 for any version <5.2.1 under @wordpress/scripts, but @wordpress/scripts@31.5.0 declares webpack-dev-server as ^4.15.1 (per the lockfile). Forcing a major upgrade (4 → 5) via overrides can break wp-scripts start and related dev-server integration. Consider scoping this override to only the affected 5.x range (e.g. webpack-dev-server@>=5 <5.2.1) or pinning to the latest patched 4.x instead, unless @wordpress/scripts has been verified to work with 5.x.

Suggested change
"webpack-dev-server@<5.2.1": "5.2.1"
"webpack-dev-server@>=5 <5.2.1": "5.2.1"

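The two questions raised in the comment above, whether a range key such as `webpack-dev-server@<5.2.1` would rewrite a 4.x copy that a parent declares, and whether an override actually landed on the copy recorded in the lockfile, can both be checked offline from package.json and package-lock.json. The following is an added example written for this page; it is not code from the GoDAM project, from this PR or from Copilot. It assumes a lockfileVersion 3 package-lock.json (the `packages` map keyed by `node_modules/...` paths), models only plain comparator ranges (`<`, `<=`, `>`, `>=`, `=`, joined by spaces for AND or `||` for OR), ignores prerelease tags and npm's `"."` override key, and uses a constructed sample lockfile and overrides object rather than the project's real files.

```javascript
// Numeric cores only; prerelease/build tags are dropped (assumption: enough here).
function parseVersion(v) {
  const parts = String(v).split(/[-+]/)[0].split('.').map(Number);
  while (parts.length < 3) parts.push(0);
  if (parts.length !== 3 || parts.some(Number.isNaN)) throw new Error(`bad version: ${v}`);
  return parts;
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}
// Comparator sets: whitespace is AND, "||" is OR; covers "<3.1.5", ">=5.0.0 <5.1.5",
// ">=5 <5.2.1" as used in the override keys. "^"/"~" ranges are rejected on purpose.
function satisfies(version, range) {
  return range.split('||').some((alt) => alt.trim().split(/\s+/).every((cmp) => {
    const m = /^(>=|<=|>|<|=)?(\d+(?:\.\d+){0,2})$/.exec(cmp);
    if (!m) throw new Error(`unsupported comparator: ${cmp}`);
    const c = compareVersions(version, m[2]);
    return { '<': c < 0, '<=': c <= 0, '>': c > 0, '>=': c >= 0, '=': c === 0 }[m[1] || '='];
  }));
}
// Lowest version a spec like "^4.15.1" / "~3.0.4" / "3.1.5" admits; null if not modelled.
function specFloor(spec) {
  const m = /^(?:\^|~|>=)?(\d+\.\d+\.\d+)$/.exec(String(spec).trim());
  return m ? m[1] : null;
}
// Flatten "overrides" into {parent, name, range, target}; a nested object such as
// "@wordpress/scripts": {...} scopes its entries to that parent (npm's "." key is not modelled).
function flattenOverrides(overrides, parent = null) {
  const rows = [];
  for (const [key, value] of Object.entries(overrides)) {
    const at = key.lastIndexOf('@'); // lastIndexOf so "@scope/pkg@<1.2" splits correctly
    const name = at > 0 ? key.slice(0, at) : key;
    const range = at > 0 ? key.slice(at + 1) : null;
    if (value !== null && typeof value === 'object') rows.push(...flattenOverrides(value, name));
    else rows.push({ parent, name, range, target: String(value) });
  }
  return rows;
}
// lockfileVersion 3 "packages" keys look like "node_modules/a/node_modules/b".
function packageName(path) {
  const i = path.lastIndexOf('node_modules/');
  return i < 0 ? null : path.slice(i + 'node_modules/'.length);
}
// Findings: "not-applied" (installed copy still inside the overridden range), "ok"
// (outside it), "major-jump" (a parent declares a spec that the override would
// rewrite to a different major: the webpack-dev-server 4.x -> 5.2.1 point above).
function auditOverrides(lock, overrides) {
  const findings = [];
  const rows = flattenOverrides(overrides);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!name) continue; // "" is the root project entry
    for (const row of rows.filter((r) => r.name === name && entry.version)) {
      if (row.parent) { // scoped override: copy must sit under, or be declared by, the parent
        const parentEntry = lock.packages[`node_modules/${row.parent}`];
        const nested = path.includes(`node_modules/${row.parent}/node_modules/`);
        const declared = Boolean(parentEntry && parentEntry.dependencies && parentEntry.dependencies[name]);
        if (!nested && !declared) continue;
      }
      const vulnerable = row.range !== null && satisfies(entry.version, row.range);
      findings.push({ path, name, version: entry.version, target: row.target, status: vulnerable ? 'not-applied' : 'ok' });
    }
    for (const [dep, spec] of Object.entries(entry.dependencies || {})) {
      const floor = specFloor(spec);
      if (!floor) continue;
      for (const row of rows.filter((r) => r.name === dep && (r.parent === null || r.parent === name))) {
        const hit = row.range === null || satisfies(floor, row.range);
        if (hit && parseVersion(floor)[0] !== parseVersion(row.target)[0]) {
          findings.push({ path, name: dep, declared: spec, target: row.target, status: 'major-jump' });
        }
      }
    }
  }
  return findings;
}
// Constructed sample (not the project's real files): a hoisted minimatch the override
// missed, a nested serialize-javascript it caught, and a parent that declares
// webpack-dev-server ^4.15.1 while the override forces 5.2.1.
const sampleLock = { packages: {
  'node_modules/@wordpress/scripts': { version: '31.5.0',
    dependencies: { minimatch: '^3.0.4', 'webpack-dev-server': '^4.15.1' } },
  'node_modules/minimatch': { version: '3.1.2' },
  'node_modules/webpack-dev-server': { version: '5.2.1' },
  'node_modules/@wordpress/scripts/node_modules/serialize-javascript': { version: '7.0.3' },
} };
const sampleOverrides = { '@wordpress/scripts': {
  'minimatch@<3.1.5': '3.1.5', 'serialize-javascript@<7.0.3': '7.0.3', 'webpack-dev-server@<5.2.1': '5.2.1',
} };
for (const f of auditOverrides(sampleLock, sampleOverrides)) console.log(JSON.stringify(f));
```

On the sample it reports `minimatch` as `not-applied` (the hoisted 3.1.2 copy is still inside `<3.1.5`, which is what a stale lockfile looks like after editing `overrides` without reinstalling), `webpack-dev-server` and `serialize-javascript` as `ok`, and a `major-jump` for `@wordpress/scripts`, whose declared `^4.15.1` falls inside `<5.2.1` and would be rewritten to a different major. In a real checkout, feed it `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and the `overrides` object from package.json; `npm ls <pkg>` and `npm audit` remain the authoritative tools, this script only makes the range-scoping question explicit.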
Comment on lines +79 to +83
"@wordpress/scripts": "31.5.0",
"@wordpress/server-side-render": "6.10.0",
"browserslist": "4.25.1",
"cross-env": "10.1.0",
"css-minimizer-webpack-plugin": "7.0.2",
"css-minimizer-webpack-plugin": "8.0.0",
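Review bot: css-minimizer-webpack-plugin moves from 7.0.2 to 8.0.0 next to @wordpress/scripts 31.5.0, two major bumps in one hunk, while the same PR drops `^` from every entry (commit "chore: Remove ^ in package.json"); with exact pins the lockfile is the only thing that can drift, so install in CI with `npm ci` rather than `npm install` so that a lockfile that does not match these pins fails the build instead of being silently rewritten, and add an `engines` field so contributors on an older Node get a clear error at install time rather than an obscure build failure later.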
Copilot AI Mar 10, 2026


These dependency bumps effectively raise the minimum supported Node.js version (e.g. css-minimizer-webpack-plugin@8 requires Node >=20.9.0, and several transitive deps now require Node >=20). Since package.json doesn’t declare an engines constraint, installs can fail unexpectedly for contributors following the (currently documented) Node 16+ prerequisite. Consider adding an engines field (and aligning docs in a follow-up) to reflect the new minimum Node/npm versions required by the toolchain.

@subodhr258 subodhr258 merged commit 40a46e5 into develop Mar 11, 2026
11 of 12 checks passed
4 participants