fix(security): add csrf filter + prevent xss attacks by escaping user input

- update CI4 to v4.1.9's stable production package
- update php and js dependencies to latest

app/Controllers/EpisodeController.php

@@ -134,6 +134,7 @@ class EpisodeController extends BaseController
 
                 return view('episode/activity', $data);
             }
+
             // The page cache is set to a decade so it is deleted manually upon podcast update
             return view('episode/activity', $data, [
                 'cache' => $secondsToNextUnpublishedEpisode