security: bump fsevents to latest(SEC- 2161)

[katesaikishore]

Changes

• Bump fsevents to latest (2.3.3 → ^2.3.3) in package.json and package-lock.json
  • Addresses compatibility issues with Node 18+ and fixes the sandbox-compatibility error in CI
• Lockfile cleanup
  • Regenerated package-lock.json to remove outdated entries and avoid conflicts

References

• Security ticket: SEC-2025-0421
• Resolves security vulnerability SEC-2161
• Related GitHub issue: chore: Upgrade fsevents to latest #2609

Testing

• Installed dependencies and confirmed npm install completes without errors
• Ran unit tests (npm test) — all tests pass
• Ran e2e tests (npm run test:e2e -- --no-sandbox) in CI environment — ChromeHeadless now starts successfully
• Verified local build (npm run build) and manual smoke test of Lock UI

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All code quality tools/guidelines have been run/followed (npm run lint, npm run test:es-check)
• All relevant assets have been compiled

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 42.54%. Comparing base (e89a37d) to head (4354ada).
Report is 17 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2643   +/-   ##
=======================================
  Coverage   42.54%   42.54%           
=======================================
  Files         120      120           
  Lines        3145     3145           
  Branches      337      337           
=======================================
  Hits         1338     1338           
  Misses       1713     1713           
  Partials       94       94           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[arpit-jn]

LGTM

[ankita10119]

Quick note -
Updated the PR title and description to security: since it addresses a security vulnerability and compatibility issues.
@katesaikishore
Please verify all your commits.

[katesaikishore]

@ankita10119

Quick note - Updated the PR title and description to security: since it addresses a security vulnerability and compatibility issues. @katesaikishore please verify all your commits.

Yes, it's fine. I think if everything is fine, we can merge this pr?