
chore(deps): fix security vulnerabilities#162

Merged
adrianschmidt merged 4 commits into jgroth:main from adrianschmidt-bot:chore/security-updates
Feb 11, 2026

Conversation

@adrianschmidt-bot (Contributor) commented Feb 10, 2026

Summary

Fixes multiple security vulnerabilities identified by npm audit.

Fixed Vulnerabilities

| Package | Vulnerability | Severity | Advisory |
|---|---|---|---|
| prismjs | XSS in Prism | High | GHSA-3949-f494-cm99 |
| prismjs | DOM Clobbering | High | GHSA-x7hr-w5r2-h6wg |
| lodash | Prototype Pollution in _.unset/_.omit | Moderate | GHSA-xxjr-mmjv-4gpg |
| @babel/runtime-corejs3 | Inefficient RegExp complexity | Moderate | GHSA-968p-4wvh-cqc8 |
| ansi-regex | ReDoS | High | GHSA-93q8-gq69-wqmw |
| brace-expansion | ReDoS | Low | GHSA-v6h2-p8h4-qcjw |
| js-yaml | Prototype Pollution | Moderate | GHSA-mh29-5h37-fv8m |
| tmp | Symlink directory write | Low | GHSA-52f5-9888-hmc6 |

Remaining Vulnerability

trim / remark-parse (High) - Requires upgrading remark-parse from 8.x to 11.x, which is a breaking change involving the entire unified/remark ecosystem migration to ESM. This would need dedicated refactoring work and is out of scope for this PR.

Changes

  • Updated prismjs to ^1.30.0
  • Updated lodash to ^4.17.23
  • Updated tmp to ^0.2.5 (+ test fix for new API)
  • Ran npm audit fix for transitive dependencies

Summary by CodeRabbit

  • Chores
    • Updated project dependencies to latest stable versions for improved compatibility and security.
  • Tests
    • Enhanced test suite with improved cleanup handling for temporary resources.

Fixes:
- GHSA-3949-f494-cm99 (Cross-site Scripting in Prism)
- GHSA-x7hr-w5r2-h6wg (PrismJS DOM Clobbering vulnerability)
npm audit fix updates:
- @babel/runtime-corejs3: fix inefficient RegExp complexity (GHSA-968p-4wvh-cqc8)
- ansi-regex: fix ReDoS vulnerability (GHSA-93q8-gq69-wqmw)
- brace-expansion: fix ReDoS vulnerability (GHSA-v6h2-p8h4-qcjw)
- js-yaml: fix prototype pollution (GHSA-mh29-5h37-fv8m)
Updates tmp from ^0.1.0 to ^0.2.5 which fixes GHSA-52f5-9888-hmc6
(arbitrary temporary file/directory write via symbolic link).

Updated test to use unsafeCleanup option for non-empty directory removal.
@coderabbitai (Contributor) coderabbitai bot commented Feb 11, 2026

📝 Walkthrough

This PR updates three npm dependencies to newer versions (prismjs, tmp, and lodash) and modifies test setup code to utilize the tmp library's automatic cleanup feature via the unsafeCleanup option parameter.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Updates: package.json | Updated prismjs from ^1.20.0 to ^1.30.0, tmp from ^0.1.0 to ^0.2.5 (devDependencies), and lodash from ^4.17.19 to ^4.17.23 (dependencies). |
| Test Configuration: src/kompendium/test/generator.spec.ts | Modified the tmp.dirSync() call to include the { unsafeCleanup: true } parameter so non-empty temporary directories are cleaned up automatically. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 Hops of joy through version streams,
Dependencies updated in our dreams,
Temporary files cleaned with care,
Fresh stability floating in the air!
✨ A rabbit's code runs smooth and fast,
No lingering temp files from the past!

🚥 Pre-merge checks: 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title accurately reflects the main change: updating dependencies to fix security vulnerabilities. It directly aligns with the PR's primary objective. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

No actionable comments were generated in the recent review. 🎉



@adrianschmidt adrianschmidt merged commit d8b7d4b into jgroth:main Feb 11, 2026
5 checks passed
@jgroth (Owner) commented Feb 11, 2026

🎉 This PR is included in version 1.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
