chore(deps): update dependency jsonpath-plus to v10.3.0 [security] (#9326)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [jsonpath-plus](https://redirect.github.com/s3u/JSONPath) | [`10.2.0`
->
`10.3.0`](https://renovatebot.com/diffs/npm/jsonpath-plus/10.2.0/10.3.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/jsonpath-plus/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jsonpath-plus/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jsonpath-plus/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsonpath-plus/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2025-1302](https://nvd.nist.gov/vuln/detail/CVE-2025-1302)

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to
Remote Code Execution (RCE) due to improper input sanitization. An
attacker can execute aribitrary code on the system by exploiting the
unsafe default usage of eval='safe' mode.

**Note:**

This is caused by an incomplete fix for CVE-2024-21534.

---

### Release Notes

<details>
<summary>s3u/JSONPath (jsonpath-plus)</summary>

###
[`v10.3.0`](https://redirect.github.com/s3u/JSONPath/blob/HEAD/CHANGES.md#1030)

[Compare
Source](https://redirect.github.com/s3u/JSONPath/compare/v10.2.0...v10.3.0)

- fix(eval): rce using non-string prop names
([#&#8203;237](https://redirect.github.com/s3u/JSONPath/issues/237))
- feat(demo): make demo link shareable
([#&#8203;238](https://redirect.github.com/s3u/JSONPath/issues/238))
-   chore: update deps. and devDeps.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjE2Ny4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

frontend/package.json

@@ -130,7 +130,7 @@
   "resolutions": {
     "@codemirror/state": "6.5.2",
     "@xmldom/xmldom": "^0.9.0",
-    "jsonpath-plus": "10.2.0",
+    "jsonpath-plus": "10.3.0",
     "json5": "^2.2.2",
     "vite": "5.4.14",
     "semver": "7.7.0",

frontend/yarn.lock

@@ -6740,9 +6740,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"jsonpath-plus@npm:10.2.0":
-  version: 10.2.0
-  resolution: "jsonpath-plus@npm:10.2.0"
+"jsonpath-plus@npm:10.3.0":
+  version: 10.3.0
+  resolution: "jsonpath-plus@npm:10.3.0"
   dependencies:
     "@jsep-plugin/assignment": "npm:^1.3.0"
     "@jsep-plugin/regex": "npm:^1.0.4"
@@ -6750,7 +6750,7 @@ __metadata:
   bin:
     jsonpath: bin/jsonpath-cli.js
     jsonpath-plus: bin/jsonpath-cli.js
-  checksum: 10c0/46480781a0a0b5347dc592fd69ef7ff0fa5a5e322a3f1f23997319e77ee937762366d722facafcc5e8d16101e9cdf1ae14df1f1777b2933990aadd0cdb20d8f5
+  checksum: 10c0/f5ff53078ecab98e8afd1dcdb4488e528653fa5a03a32d671f52db1ae9c3236e6e072d75e1949a80929fd21b07603924a586f829b40ad35993fa0247fa4f7506
   languageName: node
   linkType: hard