Fix security vulnerabilities that can't be automatically fixed by Dependabot alerts

[julianguyen]

Description

Update JS and Rails dependencies from this list of Dependabot alerts 🔒

Please make one PR per dependency update! There can be multiple assignees for this issue. Make a comment and state which dependency you'll be upgrading.

You'll be added to a specific org team so you can view the security page. You can't access it by default as an org member.

Do not update the Ruby, Rails, and React versions.

---

Please assign yourself (via the Assignees dropdown), if you do want to work on this issue. Can't find yourself? You need to join our organization.

Check out our Picking Up Issues guide if you haven't already!

[rohandaxini]

I am checking https://github.com/ifmeorg/ifme/security/dependabot/69 and will create a new issue if necessary.