fix(security): add csrf filter + prevent xss attacks by escaping user input

- update CI4 to v4.1.9's stable production package
- update php and js dependencies to latest

modules/Fediverse/Objects/NoteObject.php

@@ -44,7 +44,7 @@ class NoteObject extends ObjectType
             $this->inReplyTo = $post->reply_to_post->uri;
         }
 
-        $this->replies = url_to('post-replies', $post->actor->username, $post->id);
+        $this->replies = url_to('post-replies', esc($post->actor->username), $post->id);
 
         $this->cc = [$post->actor->followers_url];
     }