
fix(deps): resolve minimatch ReDoS and ajv vulnerabilities#1152

Merged
Mossaka merged 2 commits into main from fix/002-minimatch-redos-vuln
Mar 5, 2026

Conversation


@Mossaka Mossaka commented Mar 5, 2026

Summary

  • Updates minimatch from 10.2.1 to >=10.2.3 to fix two high-severity ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74, CVSS 7.5)
  • Updates ajv to >=8.18.0 to resolve moderate-severity vulnerability
  • npm audit reports 0 vulnerabilities after the fix

Fixes #1147

Test plan

  • npm ci installs with 0 vulnerabilities
  • npm run build compiles successfully
  • npm test passes all 821 tests
  • npm run lint reports 0 errors

Update minimatch from 10.2.1 to 10.2.4 to fix high-severity ReDoS
vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74) and update
ajv to fix moderate ReDoS vulnerability (GHSA-2g4f-4pwh-qvx6).

Fixes #1147

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 5, 2026 19:00

github-actions bot commented Mar 5, 2026

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.03% | 82.18% | 📈 +0.15% |
| Statements | 82.01% | 82.15% | 📈 +0.14% |
| Functions | 82.50% | 82.50% | ➡️ +0.00% |
| Branches | 74.20% | 74.29% | 📈 +0.09% |
📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 83.1% → 83.7% (+0.56%) | 82.4% → 83.0% (+0.54%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


github-actions bot commented Mar 5, 2026

Bun Build Test Results

| Project | Install | Tests | Status |
| --- | --- | --- | --- |
| elysia | | 1/1 | PASS |
| hono | | 1/1 | PASS |

Overall: ✅ PASS

Test details

**elysia:**
```
bun test v1.3.10
(pass) add
1 pass, 0 fail
```

**hono:**
```
bun test v1.3.10
(pass) mul
1 pass, 0 fail
```

Generated by Build Test Bun for issue #1152


github-actions bot commented Mar 5, 2026

Smoke Test Results

| Test | Status |
| --- | --- |
| GitHub MCP (last 2 merged PRs) | |
| Playwright (github.com title check) | |
| File write /tmp/gh-aw/agent/smoke-test-claude-22732053059.txt | |
| Bash verification (cat file) | |

Last 2 merged PRs: #1078 fix: add explicit execute directive to smoke-codex to prevent noop · #1048 test: add CI workflow for non-chroot integration tests

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1152


github-actions bot commented Mar 5, 2026

Go Build Test Results

| Project | Download | Tests | Status |
| --- | --- | --- | --- |
| color | PASS | ✅ | PASS |
| env | PASS | ✅ | PASS |
| uuid | PASS | ✅ | PASS |

Overall: ✅ PASS

Generated by Build Test Go for issue #1152


github-actions bot commented Mar 5, 2026

C++ Build Test Results

| Project | CMake | Build | Status |
| --- | --- | --- | --- |
| fmt | | | PASS |
| json | | | PASS |

Overall: PASS

Generated by Build Test C++ for issue #1152


github-actions bot commented Mar 5, 2026

Deno Build Test Results

| Project | Tests | Status |
| --- | --- | --- |
| oak | 1/1 | ✅ PASS |
| std | 1/1 | ✅ PASS |

Overall: ✅ PASS

Test output details

**oak:**
```
running 1 test from ./test.ts
oak test ... ok (0ms)
ok | 1 passed | 0 failed (2ms)
```

**std:**
```
running 1 test from ./test.ts
std test ... ok (0ms)
ok | 1 passed | 0 failed (2ms)
```

Deno v2.7.4 — all tests passed

Generated by Build Test Deno for issue #1152


github-actions bot commented Mar 5, 2026

🦀 Rust Build Test Results

| Project | Build | Tests | Status |
| --- | --- | --- | --- |
| fd | | 1/1 | PASS |
| zoxide | | 1/1 | PASS |

Overall: ✅ PASS

Generated by Build Test Rust for issue #1152


github-actions bot commented Mar 5, 2026

Smoke Test Results

@Mossaka

✅ GitHub MCP: Last 2 merged PRs — #1078 fix: add explicit execute directive to smoke-codex to prevent noop, #1069 fix(deps): resolve high-severity rollup vulnerability in docs-site
✅ Playwright: github.com title contains "GitHub"
✅ File Write: /tmp/gh-aw/agent/smoke-test-copilot-22732053000.txt created
✅ Bash: File verified via cat

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1152


github-actions bot commented Mar 5, 2026

Java Build Test Results

| Project | Compile | Tests | Status |
| --- | --- | --- | --- |
| gson | | 1/1 | PASS |
| caffeine | | 1/1 | PASS |

Overall: ✅ PASS

All projects compiled and all tests passed successfully.

Generated by Build Test Java for issue #1152


github-actions bot commented Mar 5, 2026

Build Test: Node.js Results ✅

| Project | Install | Tests | Status |
| --- | --- | --- | --- |
| clsx | | All passed | PASS |
| execa | | All passed | PASS |
| p-limit | | All passed | PASS |

Overall: PASS

Generated by Build Test Node.js for issue #1152


github-actions bot commented Mar 5, 2026

PR titles: fix: add explicit execute directive to smoke-codex to prevent noop | fix(deps): resolve high-severity rollup vulnerability in docs-site

  1. ✅ Test 1 (merged PRs)
  2. ✅ Test 2 (safeinputs-gh)
  3. ✅ Test 3 (playwright)
  4. ❌ Test 4 (tavily search)
  5. ✅ Test 5 (file write)
  6. ✅ Test 6 (bash cat)
  7. ✅ Test 7 (discussion comment)
  8. ✅ Test 8 (build)

Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1152

npm audit fix to update svgo past the DoS via entity expansion
(Billion Laughs) vulnerability GHSA-xpqw-6gx7-v673.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Development

Successfully merging this pull request may close these issues.

[Security] minimatch ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74)
