
Conversation

@manoj-selvakumar5
Collaborator

Issue #, if available:

Description of changes:

Fixes CodeQL alerts and updates vulnerable dependencies.

CodeQL Fixes

  • Path injection: Added user_id validation in strands-playground/main.py
  • XSS: Replaced innerHTML with textContent/DOMPurify in websocket_client.html, hvac/index.html
  • Clear-text logging: Removed PII from logs in list_appointments.py, lambda_function.py
  • Prototype pollution: Added role validation in websocket_client.html
  • Stack trace exposure: Return generic errors in paid_server.py

Dependency Updates

  • Updated urllib3, filelock, starlette, mcp, nltk, aiohttp, and npm packages across 20+ files.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
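
The three Python-side CodeQL classes named in the description (path injection via an unvalidated user_id, clear-text logging of PII, and stack traces returned to the client) in one constructed example. This is an added illustration, not code from this PR or from strands-playground/main.py, lambda_function.py or paid_server.py; the data root, the user_id allow-list pattern, the redaction regexes and the handler names are assumptions made for the example.

```python
import logging
import re
import traceback
from pathlib import Path

# Assumed values for illustration only; the real project paths and id format differ.
DATA_ROOT = Path("data")
USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

log = logging.getLogger("example")


def validate_user_id(user_id: str) -> str:
    """Allow-list check for a user id.

    Nothing containing '.', '/', '\\' or NUL can pass, so a later path join
    cannot be steered outside the data directory (CodeQL: path injection).
    """
    if not isinstance(user_id, str) or not USER_ID_RE.fullmatch(user_id):
        raise ValueError("invalid user_id")
    return user_id


def user_data_path(user_id: str, root: Path = DATA_ROOT) -> Path:
    """Build <root>/<user_id>.json and confirm the resolved path stays under root.

    The allow-list already guarantees this; the containment check is defence in
    depth in case the pattern is loosened later.
    """
    uid = validate_user_id(user_id)
    root = root.resolve()
    target = (root / f"{uid}.json").resolve()
    if root not in target.parents:
        raise ValueError("path escapes data root")
    return target


# Assumed PII patterns; extend for the fields the real logs carry.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_RE = re.compile(r"\+?\d[\d\s-]{7,}\d")


def redact(text: str) -> str:
    """Mask e-mail addresses and phone numbers before text reaches a log line
    (CodeQL: clear-text logging of sensitive information)."""
    text = EMAIL_RE.sub("<email>", text)
    text = PHONE_RE.sub("<phone>", text)
    return text


def safe_handler(fn):
    """Wrap a request handler so the client only ever sees a generic message.

    The full traceback is kept server-side, redacted, for operators
    (CodeQL: stack trace exposure). Returns (status, body) tuples.
    """
    def wrapper(*args, **kwargs):
        try:
            return 200, fn(*args, **kwargs)
        except ValueError as exc:
            # Validation failures are client errors; the message is ours, not a trace.
            log.warning("rejected request: %s", redact(str(exc)))
            return 400, {"error": "invalid request"}
        except Exception:
            log.error("unhandled error:\n%s", redact(traceback.format_exc()))
            return 500, {"error": "internal error"}
    return wrapper


@safe_handler
def get_user_file(user_id: str) -> dict:
    """Hypothetical endpoint: resolve the per-user file for a submitted user_id.
    Returns the resolved path so the effect of the allow-list is visible."""
    return {"path": str(user_data_path(user_id))}


if __name__ == "__main__":
    # Constructed inputs: one benign id, one traversal attempt, one PII log line.
    print(get_user_file("alice_01"))
    print(get_user_file("../etc/passwd"))
    print(redact("callback for +1 555 123 4567 sent to bob@example.com"))
```

The allow-list runs before any path construction; rejecting on the id rather than inspecting the joined path avoids the normalisation edge cases (trailing dots, mixed separators, symlinks) that make blocklist-style path checks brittle.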

@github-actions

Latest scan for commit: c3262f7 | Updated: 2025-12-20 07:10:46 UTC

✅ Security Scan Report (PR Files Only)

Scanned Files

  • 01-tutorials/01-fundamentals/09-bidirectional-streaming/websocket_client.html
  • 02-samples/01-restaurant-assistant/requirements.txt
  • 02-samples/05-personal-assistant/requirements.txt
  • 02-samples/07-whatsapp-fintech-sample/lambdas/lambda_function.py
  • 02-samples/07-whatsapp-fintech-sample/requirements.txt
  • 02-samples/10-multi-modal-email-assistant-agent/Multi-modal-data-ingest/requirements.txt
  • 02-samples/10-multi-modal-email-assistant-agent/requirements.txt
  • 02-samples/12-medical-document-processing-assistant/requirements.txt
  • 02-samples/13-aws-audit-assistant/requirements.txt
  • 02-samples/15-custom-orchestration-airline-assistant/src/requirements.txt
  • ... and 20 more files

Security Scan Results

Critical  High  Medium  Low  Info
0         0     0       0    0

Threshold: High

No security issues detected in your changes. Great job!

This scan only covers files changed in this PR.
