
fix: npm audit to fix vulns#976

Open
carlosthe19916 wants to merge 1 commit into guacsec:release/0.4.z from carlosthe19916:hotfix/npm-audit-release

Conversation


@carlosthe19916 carlosthe19916 commented Apr 2, 2026

Fixes: https://redhat.atlassian.net/browse/TC-3978, https://redhat.atlassian.net/browse/TC-3563

  • Execute npm audit fix
  • Align versions to the main branch: "playwright", "axios", "react-hook-form", "@hey-api/openapi-ts", "jest-environment-jsdom"

This should give us a fresh npm ci:

182 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Summary by Sourcery

Update dependencies to address security vulnerabilities and align with the main branch versions.

Enhancements:

  • Bump axios, react-hook-form, @hey-api/openapi-ts, @playwright/test, and jest-environment-jsdom to newer versions across client, e2e, and root packages.
  • Adjust OpenAPI TS generator config to use a postProcess pipeline with prettier and eslint instead of separate format/lint options.

Build:

  • Regenerate package-lock and environment files as part of refreshing the dependency tree after npm audit fixes.

Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>

sourcery-ai bot commented Apr 2, 2026


Reviewer's Guide

This PR refreshes dependency versions across the client, e2e, and root projects—primarily axios, react-hook-form, @hey-api/openapi-ts, @playwright/test, and jest-environment-jsdom—to resolve npm audit vulnerabilities and aligns the OpenAPI generator config with the newer @hey-api/openapi-ts format options while regenerating lockfiles and env scaffolding.

Flow diagram for npm audit fix and dependency alignment

flowchart TD
  A[Run npm audit] --> B{Vulnerabilities found?}
  B -- Yes --> C[Run npm audit fix]
  C --> D[Update dependency versions in package.json files]
  D --> E[Regenerate package-lock.json]
  E --> F[Align versions with main branch]
  F --> G[Update tool configs e.g. openapi-ts postProcess]
  G --> H[Run npm ci]
  H --> I{Vulnerabilities remaining?}
  I -- No --> J[Pipeline passes with 0 vulnerabilities]
  I -- Yes --> K[Investigate and apply manual fixes]

File-Level Changes

Change: Update client runtime and build-time dependencies to audited, main-branch-aligned versions.
Details:
  • Bump axios to ^1.13.5 in client dependencies.
  • Bump react-hook-form to ^7.66.1 in client dependencies.
  • Bump @hey-api/openapi-ts to ^0.94.0 in client devDependencies to match main and npm audit output.
  • Regenerate client/package-lock.json for the new dependency tree and vulnerability fixes.
Files: client/package.json, package-lock.json

Change: Update e2e test dependencies to newer versions compatible with audit fixes and main branch.
Details:
  • Relax and bump @playwright/test to ^1.57.0 in e2e devDependencies.
  • Align e2e axios version to ^1.13.5.
  • Regenerate e2e portions of package-lock.json for updated e2e dependency graph.
Files: e2e/package.json, package-lock.json

Change: Adjust OpenAPI TS generator configuration to the new API for formatting and linting.
Details:
  • Replace deprecated separate format and lint options with postProcess array using ["prettier", "eslint"].
Files: client/config/openapi-ts.config.ts

Change: Align Jest jsdom environment version with the Jest major version used in the repo.
Details:
  • Bump jest-environment-jsdom from ^29.7.0 to ^30.2.0 in root devDependencies.
  • Update lockfile to reflect the new jest-environment-jsdom version.
Files: package.json, package-lock.json

Change: Synchronize environment configuration files as part of npm audit / dependency refresh.
Details:
  • Update root .env file contents (likely to align with main or tooling expectations).
  • Update e2e/etc/.env to match new or cleaned environment settings.
Files: .env, e2e/etc/.env

Possibly linked issues

  • #(not specified): PR upgrades axios to 1.13.5, directly resolving the reported high-severity vulnerability from npm audit.



@sourcery-ai sourcery-ai bot left a comment


Hey - I've left some high level feedback:

  • The change from separate format/lint fields to postProcess: ["prettier", "eslint"] in the openapi-ts config relies on the new API; consider confirming that the generated client output and invocation (e.g. any scripts that call it) still behave as expected with this configuration style.
  • The e2e @playwright/test dependency was changed from an exact version to a caret range; if deterministic CI runs are important, consider keeping this pinned or using a lockfile strategy that guarantees consistent Playwright versions across environments.
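A check for the pinning concern raised in the review above, as an added example that is not part of the PR or the project: it reads a package.json and a lockfile v3, reports whether each dependency spec is an exact pin or a range, which version the lockfile resolves it to (what `npm ci` installs regardless of a caret range), and flags a dependency the lockfile does not cover, which is what happens when package.json is bumped without regenerating the lock. The inputs are constructed samples modelled on the e2e workspace, not the real files.

```python
import json
import re

# Constructed sample inputs modelled on the PR's e2e workspace (not the real files).
PACKAGE_JSON = json.dumps({"name": "e2e", "devDependencies": {
    "@playwright/test": "^1.57.0", "axios": "^1.13.5", "react-hook-form": "7.66.1"}})
PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "node_modules/axios": {"version": "1.13.5", "integrity": "sha512-CONSTRUCTED"},
    # nested copy: the workspace resolved a different version than the hoisted one
    "e2e/node_modules/@playwright/test": {"version": "1.57.0", "integrity": "sha512-CONSTRUCTED"},
    # react-hook-form is deliberately absent: lockfile not regenerated after the bump
}})

EXACT = re.compile(r"^\d+\.\d+\.\d+$")


def resolved_entry(lock, name, workspace=""):
    """Find the lockfile entry npm would use for `name`, checking the
    workspace's own node_modules before the hoisted root one."""
    pkgs = lock["packages"]
    keys = ([f"{workspace}/node_modules/{name}"] if workspace else []) + [f"node_modules/{name}"]
    for key in keys:
        if key in pkgs:
            return pkgs[key]
    return None


def audit_pins(pkg_json_text, lock_text, workspace=""):
    """Return {dep: {spec, exact, locked, has_integrity, missing}}: `exact` says
    whether package.json alone pins one version, `locked` is what `npm ci` will
    install, `missing` flags a dependency the lockfile does not cover."""
    pkg = json.loads(pkg_json_text)
    lock = json.loads(lock_text)
    report = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in pkg.get(section, {}).items():
            entry = resolved_entry(lock, name, workspace)
            report[name] = {
                "spec": spec,
                "exact": bool(EXACT.match(spec)),
                "locked": entry.get("version") if entry else None,
                "has_integrity": bool(entry and entry.get("integrity")),
                "missing": entry is None,
            }
    return report


if __name__ == "__main__":
    for name, info in audit_pins(PACKAGE_JSON, PACKAGE_LOCK, "e2e").items():
        print(f"{name:20} {info}")
```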
