Commit
In the server, nodemon v5.0.16 was depending on update-notifier v5.1, which has got v9.6 - which has a vulnerability - in its dependency chain. This was reportedly corrected in update-notifier v6, released very recently, but this still isn't included in nodemon v5.0.18 so manually changed dependency to update-notifier v6, which has removed the vulnerability and associated warning. See remy/nodemon#2023 for more info.

In the client, react-scripts had a vulnerability in dependency nth-check v1.0.2. Apparently it's sufficient to move react-scripts to devDependencies (facebook/create-react-app#11174) but I'm not sure if this will appease Dependabot. If not, I'll likely try manually updating the nth-check version in the dependency chain to see if that fixes the issue without breaking anything.