fix: update minimatch to resolve CVE-2026-27903

[dannyneira]

Summary

• Updates the transitive npm dependency minimatch in build_ts/package-lock.json from 3.1.2 to 3.1.5.
• Resolves Dependabot alert: https://github.com/warpdotdev/workflows/security/dependabot/25
• Advisory: GHSA-7r86-cg39-jmmj
• CVE: https://nvd.nist.gov/vuln/detail/CVE-2026-27903

Details

• Ecosystem: npm
• Manifest: build_ts/package-lock.json
• Dependency relationship: transitive development dependency via nodemon
• Patched version requested by alert: 3.1.3; lockfile now resolves to 3.1.5
• No resolutions, overrides, or direct dependency additions were needed.

Verification

• npm ci
• npm audit --json confirmed minimatch is no longer reported
• npm run build
• cargo build
• cargo clippy --tests -- -A warnings
• cargo test
• Baseline note: cargo fmt -- --check reports generated Rust workflow files would be reformatted; those files are unrelated to this lockfile-only fix and were left untouched.

Conversation: https://staging.warp.dev/conversation/75ad0fec-10e0-420f-8ec3-bec51f1b7476
Run: https://oz.staging.warp.dev/runs/019e799d-3281-700d-a2e1-cf1e9bf1b25b
This PR was generated with Oz.