Switch to expr-eval-fork for security fixes (prototype pollution)

[alexluckett]

Proposed change

Switch to expr-eval-fork, which is an actively maintained fork of expr-eval since the original creator is MIA.

There's a pending PR to fix a vulnerability with the evaluate(..) function which I am waiting to land as 2.0.3 which I'll include on Monday. Update: done, bumped to 3.0.0.

Jira ticket: DF-641

Type of change

• Bug fix
• New feature
• Breaking change
• Misc. (documentation, build updates, etc)

Checklist

• You have executed this code locally and it performs as expected.
• You have added tests to verify your code works.
• You have added code comments and JSDoc, where appropriate.
• There is no commented-out code.
• You have added developer docs in README.md and docs/* (where appropriate, e.g. new features).
• The tests are passing (npm run test).
• The linting checks are passing (npm run lint).
• The code has been formatted (npm run format).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[alexluckett]

Waiting on QA, will merge soon.