
chore: resolve shell-quote to 1.8.4 (clears critical CVE) #951

Merged: EightRice merged 1 commit into master from chore/bump-shell-quote-cve on Jun 16, 2026


Conversation

@EightRice (Collaborator)

Summary

A critical advisory landed on shell-quote <1.8.4 (command injection — quote() does not escape newlines in object .op values). It reaches the tree only through react-scripts dev/build tooling:

  • react-scripts > react-dev-utils > shell-quote
  • react-scripts > webpack-dev-server > launch-editor > shell-quote

These run only during yarn start (local dev) — not in the production bundle Netlify ships, so it isn't exploitable by site visitors. Pinned via resolution regardless, to keep the audit clean and the next security report green.

In-range patch bump (1.8.3 → 1.8.4), single copy in the tree.

Audit impact

Severity   Before   After
Critical   2        0

(Both criticals were this same shell-quote advisory via the two paths above.)

Test plan

  • yarn install — clean, single shell-quote@1.8.4 in tree
  • npx tsc --noEmit — green
  • yarn audit --level critical — 0 criticals
  • Resolution-only change; no source files touched.

shell-quote <1.8.4 has a critical command-injection advisory (quote()
does not escape newlines in object .op values). It reaches us only
transitively through react-scripts dev/build tooling:
  - react-scripts > react-dev-utils > shell-quote
  - react-scripts > webpack-dev-server > launch-editor > shell-quote

Not in the production bundle (webpack-dev-server / react-dev-utils run
only during `yarn start`), so not visitor-exploitable. Pinned via
resolution anyway to keep the audit clean. In-range patch bump
(1.8.3 -> 1.8.4), single copy in the tree.

Audit: critical 2 -> 0.
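The newline-in-op problem the PR description refers to, as an added example (not shell-quote's source and not code from this repository): a minimal model of a quote() whose object branch escapes each op character with a backslash using a `.`-based pattern, so a newline in an op value passes through unescaped and turns everything after it into a second shell command, beside a hardened variant that only accepts op values from an allowlist of shell operators. The quoting rules, the allowlist, the helper names and the argument vector are assumptions constructed for this example; they are chosen to reproduce the symptom the advisory describes, not copied from the library.

```javascript
// Added example, not shell-quote's code: a model of a quote() op branch with the
// described defect, next to a hardened version. All names here are assumptions.

// Allowlist of operators a quote() should ever emit verbatim (assumption).
const SHELL_OPERATORS = new Set(['|', '||', '&', '&&', ';', ';;', '>', '>>', '<', '<<', '(', ')']);

// Plain arguments: pass safe words through, single-quote everything else.
function quoteArg(s) {
  if (s === '') return "''";
  if (/^[A-Za-z0-9_\/.-]+$/.test(s)) return s;
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Model of the vulnerable behaviour: ops are backslash-escaped character by
// character, but `.` does not match "\n", so a newline survives unescaped.
function quoteVulnerable(xs) {
  return xs.map((s) => {
    if (s && typeof s === 'object') {
      return s.op.replace(/(.)/g, '\\$1'); // BUG: "\n" is never matched
    }
    return quoteArg(String(s));
  }).join(' ');
}

// Hardened model: an op is only emitted if it is a known operator; anything
// else (including anything containing a newline) is rejected outright.
function quoteHardened(xs) {
  return xs.map((s) => {
    if (s && typeof s === 'object') {
      if (!SHELL_OPERATORS.has(s.op)) {
        throw new Error('refusing unknown shell operator: ' + JSON.stringify(s.op));
      }
      return s.op;
    }
    return quoteArg(String(s));
  }).join(' ');
}

// How many command lines a shell would see if it were handed this string.
function commandLines(cmd) {
  return cmd.split('\n').filter((l) => l.trim() !== '');
}

// Constructed input: the op object's value comes from untrusted data.
const untrustedOp = { op: '\n' };
const args = ['code', 'src/App.js', untrustedOp, 'rm', '-rf', '/tmp/work'];

const vulnerable = quoteVulnerable(args);
console.log(JSON.stringify(vulnerable), '->', commandLines(vulnerable).length, 'command lines');

// Legitimate operators still work through the hardened path.
console.log(quoteHardened(['cat', 'src/App.js', { op: '|' }, 'grep', 'TODO']));

try {
  quoteHardened(args);
} catch (e) {
  console.log('hardened quote rejected it:', e.message);
}
```

The allowlist approach is stricter than escaping: it refuses any op the caller did not get from a parser of trusted input, which is the right default when the op objects can be influenced by data the editor-launching tooling receives.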
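The "single shell-quote@1.8.4 in tree" condition from the test plan, turned into an offline check as an added example (not part of the PR or the project): it parses a yarn.lock v1 text and a package.json, and reports whether exactly one copy of a package is locked at or above a minimum version and pinned through the "resolutions" field. The sample lockfile and package.json, the function names and the simplified x.y.z comparison are constructed assumptions for this example.

```javascript
// Added example, not from the PR: a lockfile gate for a Yarn v1 project.
// Sample texts below are constructed; file names and helpers are assumptions.

const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-app',
  dependencies: { 'react-scripts': '5.0.1' },
  resolutions: { 'shell-quote': '1.8.4' },
});

const SAMPLE_YARN_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@types/node@*":
  version "20.11.0"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-20.11.0.tgz"

shell-quote@^1.7.3, shell-quote@^1.8.3:
  version "1.8.4"
  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.4.tgz"
`;

// Parse yarn.lock v1 into a map: package name -> Set of resolved versions.
// A header line is unindented and lists one or more `name@range` specifiers.
function lockedVersions(lockText) {
  const versions = new Map();
  let currentNames = [];
  for (const raw of lockText.split('\n')) {
    if (raw.startsWith('#') || raw.trim() === '') continue;
    if (!raw.startsWith(' ')) {
      currentNames = raw.replace(/:\s*$/, '').split(',').map((spec) => {
        const s = spec.trim().replace(/^"|"$/g, '');
        const at = s.indexOf('@', 1); // skip the leading @ of scoped packages
        return at === -1 ? s : s.slice(0, at);
      });
      continue;
    }
    const m = raw.match(/^\s+version\s+"([^"]+)"/);
    if (m) {
      for (const name of currentNames) {
        if (!versions.has(name)) versions.set(name, new Set());
        versions.get(name).add(m[1]);
      }
    }
  }
  return versions;
}

// Numeric x.y.z comparison; no prerelease handling (assumption for this example).
function versionAtLeast(v, min) {
  const a = v.split('.').map(Number);
  const b = min.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) > (b[i] || 0);
  }
  return true;
}

// Findings a CI gate would act on: one copy, at or above minVersion, pinned.
function checkPin(lockText, packageJsonText, name, minVersion) {
  const pkg = JSON.parse(packageJsonText);
  const resolved = [...(lockedVersions(lockText).get(name) || [])].sort();
  const problems = [];
  if (resolved.length === 0) problems.push(`${name} is not present in the lockfile`);
  if (resolved.length > 1) problems.push(`${name} has ${resolved.length} copies: ${resolved.join(', ')}`);
  for (const v of resolved) {
    if (!versionAtLeast(v, minVersion)) problems.push(`${name}@${v} is below ${minVersion}`);
  }
  const pinned = pkg.resolutions && pkg.resolutions[name];
  if (pinned !== minVersion) problems.push(`package.json resolutions does not pin ${name} to ${minVersion}`);
  return { versions: resolved, ok: problems.length === 0, problems };
}

console.log(checkPin(SAMPLE_YARN_LOCK, SAMPLE_PACKAGE_JSON, 'shell-quote', '1.8.4'));
```

Run against the real yarn.lock and package.json, this is the check that keeps a future in-range bump of react-scripts from silently reintroducing a second, older copy alongside the pinned one.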
@netlify

netlify Bot commented Jun 13, 2026


Deploy Preview for tezos-homebase ready!

Name                  Link
🔨 Latest commit      6b01038
🔍 Latest deploy log  https://app.netlify.com/projects/tezos-homebase/deploys/6a2d6b0b43480600088b1c10
😎 Deploy Preview     https://deploy-preview-951--tezos-homebase.netlify.app

Lighthouse
1 paths audited
Performance: 27 (🟢 up 2 from production)
Accessibility: 91 (no change from production)
Best Practices: 83 (no change from production)
SEO: 92 (no change from production)
PWA: 70 (no change from production)

@EightRice EightRice merged commit 25bbc62 into master Jun 16, 2026
6 checks passed
@EightRice EightRice deleted the chore/bump-shell-quote-cve branch June 16, 2026 09:56