kubeflow-centraldashboard: fix GHSA-rhx6-c78j-4q9w (#39269)

Author: hectorj2f

kubeflow-centraldashboard.yaml

@@ -1,7 +1,7 @@
 package:
   name: kubeflow-centraldashboard
   version: 1.9.2
-  epoch: 2
+  epoch: 3
   description: Landing page and central dashboard for Kubeflow deployments
   copyright:
     - license: MIT
@@ -30,6 +30,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 315ee7e305e8b7485c975283fb7e5751d21f267d
 
+  - uses: patch
+    with:
+      patches: GHSA-rhx6-c78j-4q9w.patch
+
   - working-directory: components/centraldashboard
     runs: |
       # Create "overrides" section of package.json
@@ -54,7 +58,6 @@ pipeline:
         "follow-redirects": "^1.15.6",
         "express": "^4.20.0",
         "@grpc/grpc-js": "^1.10.9",
-        "path-to-regexp": "0.1.10",
         "serve-static": "^1.16.0",
         "cookie": "0.7.0",
         "jsonpath-plus": "10.0.7"

kubeflow-centraldashboard/GHSA-rhx6-c78j-4q9w.patch

@@ -0,0 +1,14 @@
+diff --git a/components/centraldashboard/package.json b/components/centraldashboard/package.json
+index a8f2e45..b9c3d12 100644
+--- a/components/centraldashboard/package.json
++++ b/components/centraldashboard/package.json
+@@ -258,7 +258,8 @@
+     },
+     "overrides": {
+         "pug-loader": {
+-            "pug": "^3.0.1"
++            "pug": "^3.0.1",
++            "path-to-regexp": "0.1.12"
+         }
+     }
+ }