chore: cherry pick security fixes for v3.2.1 backport [security]

[aabmass]

Note this is being merged into a new branch v3.2.1-release for a backport release, which starts at tag v3.2.0. I have cherry picked a few upgrades to fix security vulnerabilities and build issues.

npm audit fix --omit=dev

up to date, audited 87 packages in 2s

8 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

[aabmass]

CLA bot is complaining about a Xoogler, but these commits are cherry-picks which were already present in the repo.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 49.48454% with 98 lines in your changes missing coverage. Please review.
✅ Project coverage is 41.92%. Comparing base (364d89d) to head (22f8ab4).
⚠️ Report is 2 commits behind head on v3.2.1-release.

Files with missing lines	Patch %	Lines
proto/profile.js	48.14%	98 Missing ⚠️

Additional details and impacted files

@@                Coverage Diff                 @@
##           v3.2.1-release     #263      +/-   ##
==================================================
- Coverage           42.21%   41.92%   -0.30%     
==================================================
  Files                  14       14              
  Lines                2061     2092      +31     
  Branches               42       42              
==================================================
+ Hits                  870      877       +7     
- Misses               1173     1197      +24     
  Partials               18       18              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[aabmass]

I verified the system tests are passing locally so will ignore those kokoro results