Bump tmp and patch-package in /vuu-ui #1429

	name: Node CVE Scanning

	on:
	push:
	paths:
	- "**/package.json"
	- ".github/workflows/cve-scanning-node.yml"
	- "vuu-ui/allow-list.xml"

	jobs:

	node-modules-scan:
	runs-on: ubuntu-latest

	env:
	OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
	OSS_INDEX_API_KEY: ${{ secrets.OSS_INDEX_API_KEY }}

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Set up Node
	uses: actions/setup-node@v3
	with:
	node-version: 20.x

	- name: Build project with NPM
	run: npm install --omit=dev
	working-directory: vuu-ui

	- name: Depcheck
	if: ${{ env.OSS_INDEX_USERNAME != '' && env.OSS_INDEX_API_KEY != '' }}
	uses: dependency-check/Dependency-Check_Action@1b5d19fd4a32ff0ff982e8c9d8e27dbf7ac8a46c
	id: Depcheck
	with:
	project: 'vuu-ui'
	path: 'vuu-ui'
	format: 'HTML'
	out: 'reports'
	args: >
	--ossIndexUsername ${{ env.OSS_INDEX_USERNAME }}
	--ossIndexPassword ${{ env.OSS_INDEX_API_KEY }}
	--suppression allow-list.xml
	--nodeAuditSkipDevDependencies
	--nodePackageSkipDevDependencies
	--failOnCVSS 7
	--enableRetired

	- name: Upload Test results
	if: ${{ always() }}
	uses: actions/upload-artifact@v4
	with:
	name: Depcheck report
	path: ${{ github.workspace }}/reports

Provide feedback