Fix tmp vulnerability and package-lock.json parsing issues

[Jadhielv]

This PR addresses Dependabot alert #105 regarding a vulnerability in the tmp package (CVE-2023-45133) which allows arbitrary temporary file/directory write via symbolic link in the dir parameter.

The fix involves forcing the use of tmp@^0.2.5 (the patched version) throughout the kctest-frontend project using npm's overrides field. This replaces the previous vulnerable tmp@0.0.33 (used by external-editor) and ensures all dependencies use a safe version.

Additionally, I've regenerated package-lock.json to resolve the "not parseable" error that was preventing Dependabot from functioning correctly. The new lockfile is consistent with the updated package.json and follows the standard format for the current npm version.

Verification:

• npm list tmp shows all occurrences deduped to 0.2.5.
• npm audit no longer reports any vulnerabilities for tmp.
• npm run unit and npm run lint both pass successfully.

---

PR created automatically by Jules for task 14573045193175956704 started by @Jadhielv

Summary by CodeRabbit

• Chores
  • Updated package dependency versions to improve application stability and compatibility.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

This PR relocates the tmp dependency override from the ESLint-specific overrides block to the top-level overrides in package.json, simultaneously updating its version from ^0.2.4 to ^0.2.5.

Changes

Cohort / File(s)	Summary
Dependency Override Restructure kctest-frontend/package.json	Moved tmp override from eslint-specific overrides to top-level overrides and bumped version from ^0.2.4 to ^0.2.5.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Resolve Ajv and PostCSS security vulnerabilities via overrides #730: Modifies the same tmp dependency override in package.json, adjusting its location and version within the overrides configuration.

Poem

🐰 A little hop, a version bump so neat,
From nest to nest, the override takes a seat,
From 0.2.4 to 0.2.5 we go,
In overrides' heart, let tmp now flow! 📦✨

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-tmp-vulnerability-alert-105-14573045193175956704

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}