Security Vulnerability Blocked by Corrupted Lockfile: ajv ReDoS Risk Persists in Dependencies

A moderate-severity security vulnerability (CVSS 5.5) in the ajv JSON schema validator library has been identified but cannot be automatically patched due to a corrupted project lockfile. The vulnerability is a Regular Expression Denial of Service (ReDoS) that affects versions of ajv below 8.18.0 when using the $data option. The current project version is 8.17.1, which is vulnerable, while the patched version 8.18.0 is available. The automated security update process via Dependabot is completely blocked because the `/package-lock.json` file is unparseable, preventing any dependency updates. This leaves the project exposed to a potential denial-of-service attack vector. The proposed solution is to manually regenerate the lockfile by deleting it and running `npm install`, then committing the valid file. Following this, ajv must be explicitly upgraded to version 8.18.0 or higher, and Dependabot must be re-run to confirm the alert is resolved. The acceptance criteria for fixing this issue are a valid package-lock.json file with no parsing errors, the ajv dependency upgraded to a safe version, and the Dependabot security alert closed. This is classified as a security, dependency, and maintenance issue.