CVE-2024-41818 odh-dashboard-container: ReDOS at currency parsing in currency.js [main]

[DaoDaoNoCode]

JIRA: https://issues.redhat.com/browse/RHOAIENG-12691

Description

This CVE is from fast-xml-parser package, which is a sub-dependency of minio package. We don't use the package anymore because we removed it in #3086 and use DSP Artifacts API to fetch the storage object instead of connecting to the minio.
So remove the dependency here to fix the CVE.

How Has This Been Tested?

Make sure there is no fast-xml-parser in package-lock.json and the dashboard is running with no problem.

Test Impact

N/A

Request review criteria:

Self checklist (all need to be checked):

• The developer has manually tested the changes and verified that the changes work
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has added tests or explained why testing cannot be added (unit or cypress tests for related changes)

If you have UI changes:

• Included any necessary screenshots or gifs if it was a UI change.
• Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

• The developer has tested their solution on a cluster by using the image produced by the PR to main

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.28%. Comparing base (4fabe0c) to head (dd9b38a).
Report is 5 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3193   +/-   ##
=======================================
  Coverage   85.27%   85.28%           
=======================================
  Files        1258     1258           
  Lines       27690    27691    +1     
  Branches     7372     7373    +1     
=======================================
+ Hits        23614    23615    +1     
  Misses       4076     4076           

see 5 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4fabe0c...dd9b38a. Read the comment docs.

[Gkrumbach07]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Gkrumbach07

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Gkrumbach07]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment