fix(deps): resolve audit check failures #661

Open

ywnaing wants to merge 1 commit into mojaloop:main from ywnaing:fix/audit-errors

Conversation

ywnaing commented Apr 24, 2026

Summary

Resolve the current audit check failures in ml-api-adapter using local dependency overrides.

Changes

  • bump overridden fast-xml-parser from 5.5.7 to 5.7.0
  • add an override for uuid to 14.0.0

Why

This clears the current failing audit paths:

  • openapi-sampler > fast-xml-parser
  • nyc > istanbul-lib-processinfo > uuid

For uuid, this change is based on GitHub advisory GHSA-w5hq-g745-h8pq, which marks all versions below 14.0.0 as affected and 14.0.0 as the patched version. That means a smaller version bump would not satisfy the advisory.

uuid was added as an override instead of updating nyc because ml-api-adapter is already on the latest published nyc release, and the latest published istanbul-lib-processinfo still depends on uuid@^8.3.2. There is currently no newer upstream nyc release available that resolves this advisory path.

Verification

  • npm install
  • npm test
  • npm run audit:check

Notes

  • fast-xml-parser is in the application dependency tree through OpenAPI tooling
  • uuid is pulled in transitively through coverage tooling: nyc -> istanbul-lib-processinfo
  • the uuid override is a cross-major override, but the full unit suite passed with it in place

References
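Because the uuid override is cross-major and the affected path is nested (nyc -> istanbul-lib-processinfo -> uuid), it is worth confirming from package-lock.json that every installed copy, top-level or nested, actually landed at or above the advisory's patched version. The following is an added example, not code from this PR or from ml-api-adapter; the lockfile content and the versions of nyc and istanbul-lib-processinfo in it are constructed, while the minimums are the ones the PR targets.

```javascript
// Minimum versions this PR aims for: fast-xml-parser 5.7.0, uuid 14.0.0
// (GHSA-w5hq-g745-h8pq marks everything below 14.0.0 as affected).
const MINIMUMS = { 'fast-xml-parser': '5.7.0', uuid: '14.0.0' };

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  return v.split('-')[0].split('+')[0].split('.').map(Number);
}

function versionAtLeast(actual, minimum) {
  const a = parseVersion(actual);
  const m = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (m[i] || 0)) return (a[i] || 0) > (m[i] || 0);
  }
  return true;
}

// The package name is whatever follows the last "node_modules/" in a
// lockfileVersion 3 "packages" key; scoped names keep their slash.
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf('node_modules/');
  return idx === -1 ? null : lockPath.slice(idx + 'node_modules/'.length);
}

// Return one entry per installed copy that sits below its required minimum,
// so nested copies an override failed to reach show up with their full path.
function findUnderMinimum(lock, minimums) {
  const violations = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    const min = name ? minimums[name] : undefined;
    if (min && meta.version && !versionAtLeast(meta.version, min)) {
      violations.push({ path: lockPath, name, version: meta.version, minimum: min });
    }
  }
  return violations;
}

// Constructed sample lockfile (not the project's): the override reached the
// top-level fast-xml-parser, but a nested uuid copy was left at 8.3.2.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/fast-xml-parser': { version: '5.7.0' },
    'node_modules/nyc': { version: '1.0.0' },
    'node_modules/nyc/node_modules/istanbul-lib-processinfo': { version: '1.0.0' },
    'node_modules/nyc/node_modules/istanbul-lib-processinfo/node_modules/uuid': { version: '8.3.2' },
  },
};
```

Running it against a real lockfile means replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json'))`; an empty result from findUnderMinimum is the condition `npm run audit:check` should then agree with.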
