deps: bump the production-dependencies group across 1 directory with 2 updates (#198)

* deps: bump the production-dependencies group across 1 directory with 2 updates

Bumps the production-dependencies group with 2 updates in the / directory: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) and [jsonpath-plus](https://github.com/s3u/JSONPath).


Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `jsonpath-plus` from 10.3.0 to 10.4.0
- [Release notes](https://github.com/s3u/JSONPath/releases)
- [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md)
- [Commits](JSONPath-Plus/JSONPath@v10.3.0...v10.4.0)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: jsonpath-plus
  dependency-version: 10.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Initial plan

* fix: convert project to ESM to support @actions/core v3

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

Author: 3 people

__tests__/main.test.ts

@@ -1,4 +1,4 @@
-import {normalizeCweId} from '../src/utils'
+import {normalizeCweId} from '../src/utils.js'
 
 describe('main', () => {
   it('placeholder test', () => {