fix: update jsonpath-plus to 10.3.0 across CRUD web apps (Security v1.11)

[utruong309]

Summary

This PR updates jsonpath-plus to v10.3.0 across all CRUD web app frontends:

• components/crud-web-apps/common/frontend/kubeflow-common-lib
• components/crud-web-apps/jupyter/frontend
• components/crud-web-apps/tensorboards/frontend
• components/crud-web-apps/volumes/frontend

Reason for Update

This version bump addresses security issues raised in the v1.11 vulnerability scan:

• CVE-2024-21534
• CVE-2025-1302

This PR is part of the security & maintenance hardening for the v1.11 release.

Changes

• Updated "jsonpath-plus": "10.3.0" in all affected packages. json files
• Updated corresponding package-lock.json entries
• Verified consistent versions across all CRUD web apps

Notes

• No functional or UI changes.
• Tests and builds will be validated via CI pipelines and Prow workflows.
• This PR is one of the required updates defined in:
  • [TASK] [Security] Fix Vulnerabilities in CRUD Web Apps (v1.11 Release) [TASK] [Security] Fix Vulnerabilities in CRUD Web Apps (v1.11 Release) kubeflow/notebooks#783

Checklist

• Updated all packages. JSON files
• Updated all package-lock. JSON files
• Ensured version consistency across CRUD web apps
• Signed-off commits (DCO)

[liavweiss]

Hey @utruong309, thank you very much for your contribution.
Please note that we need this code merged into kubeflow/notebooks:notebooks-v1
Could you update the pull request accordingly?
You’ll need to fork the repository at https://github.com/kubeflow/notebooks
and open the PR from there.

[utruong309]

Hi @liavweiss, thank you so much for letting me know! I've created the PRs for the first 2 tasks in the main repo and am waiting for review and approval:

PR kubeflow#789: Update form-data to 4.0.4 across CRUD web apps (Security v1.11)
PR kubeflow#787: Update jsonpath-plus to 10.3.0 across CRUD web apps (Security v1.11)

Feel free to take a look whenever you have a moment!