🐛 security: Fix NPM dependency vulnerabilities in frontend package

[ANAMASGARD]

Description

This PR fixes all npm security vulnerabilities in the frontend package by running npm audit fix --force and updating transient dependency versions.

Fixes #2311

Solution

Applied npm audit fix which updated transient dependency versions in package-lock.json to their patched versions.

Changes

• File: frontend/package-lock.json
• Action: Updated dependency lock versions to resolve security vulnerabilities

ScreenShot

Testing

• npm audit shows 0 vulnerabilities
• npm install completes successfully
• Application runs correctly with npm run dev

Checklist

• Security vulnerabilities resolved
• No breaking changes introduced
• Application tested locally

[kubestellar-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign onkar717 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kubestellar-prow]

Hi @ANAMASGARD. Thanks for your PR.

I'm waiting for a kubestellar member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Copilot]

Copilot wasn't able to review any files in this pull request.

Files not reviewed (1)

• frontend/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The removal of "peer": true from @babel/core changes its dependency classification. This package is typically a peer dependency for build tools. Removing this flag may cause it to be installed as a direct dependency, potentially leading to version conflicts or duplicate installations. Verify this change is intentional and necessary for the security fix.

Suggested change

	"dev": true,
	"dev": true,
	"peer": true,

[Copilot]

Removing "peer": true from @emotion/react changes it from a peer dependency to a direct dependency. This is a production dependency that is typically expected to be provided by the consuming application as a peer dependency. This change could result in multiple versions of @emotion/react being installed, leading to React context issues and increased bundle size. This doesn't appear to be related to a security fix.

Suggested change

	"integrity": "sha512-O000MLDBDdk/EohJPFUqvnp4qnHeYkVP5B0xEG0D/L7cOKP9kefu2DXn8dj74cQfsEzUqh+sr1RzFqiL1o+PpA==",
	"integrity": "sha512-O000MLDBDdk/EohJPFUqvnp4qnHeYkVP5B0xEG0D/L7cOKP9kefu2DXn8dj74cQfsEzUqh+sr1RzFqiL1o+PpA==",
	"peer": true,

[Copilot]

Removing "peer": true from @emotion/styled changes it from a peer dependency to a direct dependency. Like @emotion/react, this is a production dependency that should remain a peer dependency. This change could cause version conflicts and runtime issues with React emotion styling.

Suggested change

	"integrity": "sha512-XxfOnXFffatap2IyCeJyNov3kiDQWoR08gPUQxvbL7fxKryGBKUZUkG6Hz48DZwVrJSVh9sJboyV1Ds4OW6SgA==",
	"integrity": "sha512-XxfOnXFffatap2IyCeJyNov3kiDQWoR08gPUQxvbL7fxKryGBKUZUkG6Hz48DZwVrJSVh9sJboyV1Ds4OW6SgA==",
	"peer": true,

[Copilot]

Removing "peer": true from @mui/system changes its dependency classification. This package should remain a peer dependency as it's part of the Material-UI ecosystem and has peer dependencies on React and Emotion.

[Copilot]

Removing "peer": true from react is a critical error. React must be a peer dependency to ensure only one instance exists in the application. Multiple React instances will cause hooks errors, context issues, and break the application. This change is unrelated to security fixes and must be reverted.

Suggested change

	"integrity": "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw==",
	"integrity": "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw==",
	"peer": true,

[Copilot]

Removing "peer": true from @mui/material is problematic. Material-UI is a production dependency with peer dependencies on React and Emotion. Changing this to a direct dependency could lead to multiple instances being installed, causing theming and styling issues.

[Copilot]

Removing "peer": true from @react-three/fiber is incorrect. This package is a React renderer for Three.js and should be a peer dependency to ensure a single instance is used across the application. Multiple instances would cause context and rendering issues.

Suggested change

	"license": "MIT",
	"license": "MIT",
	"peer": true,

[Copilot]

Removing "peer": true from @tanstack/react-query changes it from a peer dependency to a direct dependency. This is a state management library that should typically remain a peer dependency to avoid multiple instances, which could cause data synchronization issues.

Suggested change

	"integrity": "sha512-Ift3IUNQqTcaFa1AiIQ7WCb/PPy8aexZdq9pZWLXhfLcLxH0+PZqJ2xFImxCpdDZrFRZhLJrh76geevS5xjRhA==",
	"integrity": "sha512-Ift3IUNQqTcaFa1AiIQ7WCb/PPy8aexZdq9pZWLXhfLcLxH0+PZqJ2xFImxCpdDZrFRZhLJrh76geevS5xjRhA==",
	"peer": true,

[Copilot]

Removing "peer": true from @testing-library/dom appears incorrect. Testing libraries are typically peer dependencies in the dev dependency graph. While this is a dev dependency, changing its classification could affect how it's resolved during testing.

Suggested change

	"dev": true,
	"dev": true,
	"peer": true,

[Copilot]

Removing "peer": true from three is problematic. Three.js is typically a peer dependency in the 3D rendering ecosystem to ensure a single version is used across all three.js-related packages. This could lead to version conflicts and rendering issues.

Suggested change

	"integrity": "sha512-eCmhlLGbBgucuo4VEA9IO3Qpc7dh8Bd4VKzr7WfW4+8hMcIfoAVi1ev0pJYN9PTTsCslbcKgBwr2wNZ1EvLInA=="
	"integrity": "sha512-eCmhlLGbBgucuo4VEA9IO3Qpc7dh8Bd4VKzr7WfW4+8hMcIfoAVi1ev0pJYN9PTTsCslbcKgBwr2wNZ1EvLInA==",
	"peer": true

[Arpit529Srivastava]

@kunal-511 @btwshivam do we need this?

[clubanderson]

Hi @ANAMASGARD 👋

This PR has merge conflicts that need to be resolved. You can do this with:

git fetch origin
git rebase origin/main
# Resolve any conflicts in your editor
git add .
git rebase --continue
git push --force-with-lease

Once rebased, the CI checks will run again. Let us know if you need any help!

[kubestellar-prow]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.