
Fix/eslint plugin kit#7

Merged
badasswp merged 1 commit into release-1.0.9 from fix/eslint-plugin-kit
Jul 20, 2025

Conversation

@badasswp
Owner

This PR fixes the security issue: #3

Description / Background Context

The ConfigCommentParser#parseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument.

The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped expression is not anchored. This can be solved by prepending the regular expression with [^-a-zA-Z0-9/].

```js
const { ConfigCommentParser } = require("@eslint/plugin-kit");

const str = `${"A".repeat(1000000)}?: 1 B: 2`;

console.log("start");
var parser = new ConfigCommentParser();
console.log(parser.parseJSONLikeConfig(str));
console.log("end");

// run `npm i @eslint/plugin-kit@0.3.3` and `node attack.js`
// then the program will hang forever with high CPU usage
```

This is a Regular Expression Denial of Service attack which may lead to blocking execution and high CPU usage.

Testing Instructions

  • Re-run pnpm install.
  • Observe that eslint/plugin-kit is now upgraded to 0.3.3.
  • sculpt cli works correctly as before.
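As an added illustration of the fix described in the PR body (not code from this repository or from @eslint/plugin-kit), the block below shows the bare-key quoting step in two backtracking-safe forms: a regex anchored on a non-key character, as the description proposes, and a hand-written single-pass scanner. The regexes are my reconstruction shaped after the description, not the library's line 158, and the two sample inputs are constructed.

```javascript
// Hypothetical stand-in for the "quote bare keys before ':'" step the PR describes.
// These regexes are reconstructions shaped after the description (a `[-a-zA-Z0-9/]+`
// group followed by ':'); they are NOT the library's actual config-comment-parser.js code.
const KEY_CHAR = /[-a-zA-Z0-9/]/u;

// Anchored form: a match may only start at position 0 or right after a non-key
// character, so each run of key characters is examined once (linear time).
const ANCHORED_KEY = /(^|[^-a-zA-Z0-9/])([-a-zA-Z0-9/]+):/gu;

function quoteKeysAnchoredRegex(input) {
  return input.replace(ANCHORED_KEY, '$1"$2":');
}

// Single-pass scanner with no backtracking at all: O(n) for any input shape.
// Agrees with the anchored regex whenever keys are separated by whitespace or punctuation.
function quoteKeysLinear(input) {
  const out = [];
  let i = 0;
  while (i < input.length) {
    if (!KEY_CHAR.test(input[i])) {
      out.push(input[i]); // separator, punctuation, quote: copy through
      i += 1;
      continue;
    }
    let j = i;
    while (j < input.length && KEY_CHAR.test(input[j])) j += 1; // end of the run
    const run = input.slice(i, j);
    if (input[j] === ":") {
      out.push(`"${run}":`); // bare key followed by ':' becomes a quoted key
      i = j + 1;
    } else {
      out.push(run); // a run not followed by ':' is left untouched (no retry per position)
      i = j;
    }
  }
  return out.join("");
}

// Constructed inputs: an ordinary rule comment and the adversarial shape from the PoC above.
const NORMAL = 'no-undef: 2, quotes: [1, "double"]';
const ADVERSARIAL = `${"A".repeat(1000000)}?: 1 B: 2`;

// Returns true when both forms agree and the adversarial input finishes promptly.
function selfCheck() {
  return quoteKeysLinear(NORMAL) === '"no-undef": 2, "quotes": [1, "double"]' &&
    quoteKeysLinear(ADVERSARIAL) === quoteKeysAnchoredRegex(ADVERSARIAL);
}
```

Running `selfCheck()` on the one-million-character input returns in milliseconds with either form, which is the property a regression test for this issue should pin down.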

@badasswp badasswp changed the base branch from master to release-1.0.9 July 20, 2025 08:26
@badasswp badasswp self-assigned this Jul 20, 2025
@badasswp badasswp added the bug Something isn't working label Jul 20, 2025
@badasswp badasswp merged commit 34c309d into release-1.0.9 Jul 20, 2025
1 check passed
