Fix: Resolve 20 security vulnerabilities in dependencies (#983)

* Fix critical bug causing subtasks to disappear when updating parent task

This fixes a serious bug where updating tags, priority, status, or due_date
on a parent task would inadvertently delete all its subtasks.

Root Cause:
1. Backend serializer returns `subtasks: []` when Subtasks association is not loaded
2. Frontend was spreading entire task object when updating, sending `subtasks: []`
3. Backend updateSubtasks() interpreted empty array as "delete all subtasks"

Solution:
Remove object spreading from updateTask calls. Only send the specific fields
being updated, not the entire task object.

Fixes the issue reported where assigning tags to a task caused subtasks to vanish.

Related: #TBD (GitHub issue to be created)

* fix: upgrade dependencies to resolve security vulnerabilities

- jest-environment-jsdom: 29.0.0 → 30.3.0
- nodemailer: 7.0.10 → 8.0.4
- sqlite3: 5.1.7 → 6.0.1

All npm audit vulnerabilities resolved (20 high/critical → 0).
Tests passing (1157 pass, 1 pre-existing failure unrelated to upgrades).
Chris 2026-03-28 23:37:23 +02:00 committed by GitHub
parent aeacf0a33a
commit 11c3fe5e43
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 1152 additions and 1008 deletions
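
The root-cause chain from the commit message, as an added example that is not code from this commit or the project. It is a constructed in-memory model: `db`, `resetDb`, `serializeTask`, `setPriorityBuggy`, `setPriorityFixed` and `demo` are hypothetical names, and the bodies of `updateTask` and `updateSubtasks` (the only names taken from the page) are assumptions.

```javascript
// Constructed sample data standing in for the database (hypothetical).
let db;
function resetDb() {
  db = {
    tasks: new Map([[1, { id: 1, name: 'Parent', priority: 0 }]]),
    subtasks: new Map([[1, ['write tests', 'ship']]]),
  };
}

// Root cause 1: the serializer emits `subtasks: []` when the association is not loaded.
function serializeTask(id, { includeSubtasks = false } = {}) {
  const task = db.tasks.get(id);
  return { ...task, subtasks: includeSubtasks ? [...db.subtasks.get(id)] : [] };
}

// Root cause 3: an empty array is taken to mean "delete all subtasks".
function updateSubtasks(id, subtasks) {
  db.subtasks.set(id, [...subtasks]);
}

// Backend update handler (assumed shape): applies fields, then subtasks if present.
function updateTask(id, payload) {
  const { subtasks, id: _ignored, ...fields } = payload;
  Object.assign(db.tasks.get(id), fields);
  if (subtasks !== undefined) updateSubtasks(id, subtasks);
  return db.subtasks.get(id).length; // subtasks remaining after the update
}

// Root cause 2 (before the fix): the client spreads the whole task object.
function setPriorityBuggy(task, priority) {
  return updateTask(task.id, { ...task, priority });
}

// After the fix: only the field being changed is sent.
function setPriorityFixed(task, priority) {
  return updateTask(task.id, { priority });
}

function demo() {
  resetDb();
  const task = serializeTask(1); // e.g. a list view that did not load subtasks
  const afterFixed = setPriorityFixed(task, 2); // subtasks untouched
  const afterBuggy = setPriorityBuggy(task, 3); // `subtasks: []` rides along
  return { afterFixed, afterBuggy, priority: db.tasks.get(1).priority };
}

console.log(demo());
```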


@ -103,7 +103,7 @@
"i18next-http-backend": "^3.0.2",
"identity-obj-proxy": "^3.0.0",
"jest": "^29.0.0",
"jest-environment-jsdom": "^29.0.0",
"jest-environment-jsdom": "^30.3.0",
"lint-staged": "^16.2.7",
"nodemon": "~3.0.1",
"postcss": "^8.4.47",
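
Review bot: `jest-environment-jsdom` moves to `^30.3.0` while `jest` on the line directly above stays at `^29.0.0`, so the test runner and its environment end up on different majors. These packages are released together and are normally kept on the same major; either bump `jest` to 30 in this change or note why the mixed versions are safe. The commit message mentions one pre-existing test failure, so it is worth confirming that it is not caused by this mismatch.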
@ -158,11 +158,11 @@
"multer": "~2.1.0",
"nanoid": "^3.3.7",
"node-cron": "~4.1.0",
"nodemailer": "^7.0.10",
"nodemailer": "^8.0.4",
"sequelize": "~6.37.7",
"sequelize-cli": "~6.6.2",
"slugify": "^1.6.6",
"sqlite3": "~5.1.7",
"sqlite3": "^6.0.1",
"swagger-jsdoc": "^6.2.8",
"swagger-ui-express": "^5.0.1",
"use-debounce": "^10.0.6",
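
Review bot: the `sqlite3` entry changes its range operator as well as its version, from `~5.1.7` to `^6.0.1`, which now admits any 6.x minor where the old range allowed only patch updates. The neighbouring `sequelize`, `sequelize-cli`, `node-cron` and `multer` entries all use `~`; keep `~6.0.1` unless the loosening is intended. Both `nodemailer` 7 to 8 and `sqlite3` 5 to 6 are major bumps, and the commit message does not say whether their breaking changes were reviewed or whether `sequelize` at `~6.37.7` was checked against the new driver; please add that to the message.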