chore: fix ReDoS in ajv and minimatch

[sjinks]

This pull request updates several dependencies in the npm-shrinkwrap.json file, primarily focusing on the minimatch and related packages. The changes include upgrading versions to address security, compatibility, and dependency resolution, as well as updating or replacing some supporting packages. Below are the most important changes grouped by theme:

Dependency Upgrades:

• Upgraded multiple instances of minimatch from various 3.x and 5.x versions to newer patch versions (e.g., 3.1.2 → 3.1.4, 5.1.6 → 5.1.8, 9.0.5 → 9.0.7, 10.1.1 → 10.2.3) across several dependencies, improving security and compatibility. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

• Upgraded ajv from 6.12.6 to 6.14.0 for improved JSON schema validation and bug fixes.

Dependency Replacements and Additions:

• Replaced @isaacs/brace-expansion and @isaacs/balanced-match with newer brace-expansion and balanced-match packages, and updated their versions and dependency trees to reflect the latest upstream changes. [1] [2] [3]

Dependency Tree Adjustments:

• Updated dependency references for brace-expansion and balanced-match in several places to ensure compatibility with new minimatch versions and Node.js engine requirements. [1] [2] [3]

These updates help keep the dependency tree secure, up to date, and compatible with current Node.js versions.

Ref: CVE-2025-69873
Ref: CVE-2026-26996

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud