
revert: align minimatch override with main (superseded by #2964)#2963

Closed
Copilot wants to merge 3 commits into main from copilot/update-dependabot-alerts

Conversation

Contributor

Copilot AI commented Mar 8, 2026

The minimatch ReDoS fixes were superseded by #2964, which was merged to main with a simpler, broader override.

Changes

  • package.json: Reverted range-specific overrides to match main's single override:

```json
"pnpm": {
  "overrides": {
    "minimatch": ">=10.2.3"
  }
}
```

  • pnpm-lock.yaml: Updated — all minimatch versions now resolve to 10.2.4 (the 9.0.5 version is gone entirely, forced to 10.2.4 by the broad override).

This PR is now conflict-free with main and ready to be closed.

Original prompt

This section details the original issue you should resolve

<issue_title>Daily Org Oversight Report — 2026-03-08 (UTC)</issue_title>
<issue_description>
## Summary Metrics

| Metric | Count |
| --- | --- |
| Repositories | 4 |
| New issues (today) | 0 |
| Open issues (org-wide) | 15 |
| Open PRs (org-wide) | 4 |
| Stale issues (>30 days) | 0 |
| Stale PRs (>14 days) | 0 |
| Aging PRs (>7 days) | 0 |
| Failing main-branch checks | 0 |
| Dependabot alerts | 9 |
| Code scanning alerts | 15 |
| Secret scanning alerts | 0 |

Note: Secret scanning is disabled on fro-bot/.github. Code scanning is not configured on fro-bot/fro-bot.github.io or fro-bot/systematic.


## 🔴 Critical Items

### Dependabot — High-Severity Alerts

| Repo | Package | Severity | Alert | Summary |
| --- | --- | --- | --- | --- |
| .github | minimatch | High | #20 | ReDoS via nested *() extglobs |
| .github | minimatch | High | #19 | ReDoS via multiple non-adjacent GLOBSTAR |
| .github | minimatch | High | #18 | ReDoS via multiple non-adjacent GLOBSTAR |
| .github | minimatch | High | #17 | ReDoS via nested *() extglobs |
| .github | minimatch | High | #16 | ReDoS via repeated wildcards |
| agent | tar | High | #27 | Hardlink path traversal via drive-relative linkpath |

Recommended action: Merge fro-bot/agent#280 to resolve the tar alert. Upgrade minimatch transitive dependency in .github (check Dependency Dashboard #2828).

### Dependabot — Medium-Severity Alerts

| Repo | Package | Severity | Alert | Summary |
| --- | --- | --- | --- | --- |
| .github | ajv | Medium | #15 | ReDoS when using $data option |
| .github | ajv | Medium | #14 | ReDoS when using $data option |
| .github | undici | Medium | #9 | Unbounded decompression chain in HTTP responses |

### Code Scanning — High-Severity Findings

| Repo | Tool | Alert | Description |
| --- | --- | --- | --- |
| agent | CodeQL | #20 | Potential file system race condition |
| agent | Scorecard | #16 | Token-Permissions |
| agent | Scorecard | #13 | Vulnerabilities |
| agent | Scorecard | #6 | Maintained |
| agent | Scorecard | #5 | Code-Review |
| agent | Scorecard | #4, #3 | Token-Permissions |
| agent | Scorecard | #1 | Branch-Protection |
| .github | Scorecard | #9 | Vulnerabilities |
| .github | Scorecard | #6 | Code-Review |
| .github | Scorecard | #1 | Branch-Protection |

Recommended action: Prioritize the CodeQL finding (agent#20) — it's the only non-Scorecard high finding. Address Scorecard items (branch protection, token permissions) as part of repo hardening.

## Main Branch Status

All main-branch checks are passing. One Fro Bot check on .github is currently in progress (likely this run).


## Aging PRs (>7 days no activity)

None. All 4 open PRs have been updated within the last 7 days.

| Repo | PR | Title | Last Updated |
| --- | --- | --- | --- |
| .github | #2953 | chore(deps): update actions/dependency-review-action to v4.9.0 | 2026-03-03 |
| .github | #2951 | chore(deps): update dependency jdx/mise to v2026.3.5 | 2026-03-08 |
| .github | #2958 | chore(deps): update dependency pnpm to v10.31.0 | 2026-03-08 |
| agent | #280 | fix(deps): bump tar override to 7.5.10 (GHSA-qffp-2rhf-9h96) | 2026-03-07 |

Watch: .github ...


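The check the comment above relies on (every minimatch version recorded in pnpm-lock.yaml must fall inside the package.json override range, with no stale 9.0.5 left behind) can be scripted so a reviewer does not have to read the lockfile by hand. The following is an added Node.js example, not code from the fro-bot repositories or from this PR: the package.json and pnpm-lock.yaml excerpts inside it are constructed for the example, and the range evaluator is a deliberately minimal stand-in for a real semver library (conjunctions like `>=9.0.0 <9.0.7`, caret and tilde are supported; `||` alternation is not).

```javascript
// Added example, not fro-bot project code: confirm that every version of an
// overridden package recorded in pnpm-lock.yaml satisfies the range declared
// under "pnpm.overrides" in package.json; a stale 9.0.5 entry is flagged.

// Constructed package.json carrying the single broad override from this PR.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'constructed-example',
  pnpm: { overrides: { minimatch: '>=10.2.3' } },
});

// Constructed pnpm-lock.yaml excerpt: a stale 9.0.5 beside the forced 10.2.4.
const SAMPLE_LOCK = `lockfileVersion: '9.0'
packages:
  brace-expansion@2.0.1:
    resolution: {integrity: sha512-constructed}
  minimatch@9.0.5:
    resolution: {integrity: sha512-constructed}
  minimatch@10.2.4:
    resolution: {integrity: sha512-constructed}
snapshots:
  minimatch@9.0.5:
    dependencies:
      brace-expansion: 2.0.1
  minimatch@10.2.4:
    dependencies:
      brace-expansion: 2.0.1
`;

// "10.2.4" -> [10, 2, 4]; a pre-release suffix such as "-rc.1" is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// One comparator, operator directly before the version: ">=10.2.3", "<9.0.7",
// "^9.0.9", "~1.2.3" or a bare "1.2.3" (exact match).
function satisfiesComparator(version, comp) {
  const m = /^(>=|<=|>|<|\^|~|=)?(\d+\.\d+\.\d+)$/.exec(comp.trim());
  if (!m) throw new Error(`unsupported comparator: ${comp}`);
  const op = m[1] || '=';
  const c = compareVersions(version, m[2]);
  const [bx, by] = parseVersion(m[2]);
  const v = parseVersion(version);
  switch (op) {
    case '>=': return c >= 0;
    case '>': return c > 0;
    case '<=': return c <= 0;
    case '<': return c < 0;
    case '^': return c >= 0 && (bx > 0 ? v[0] === bx : v[0] === 0 && v[1] === by);
    case '~': return c >= 0 && v[0] === bx && v[1] === by;
    default: return c === 0;
  }
}

// A range is a whitespace-separated conjunction such as ">=9.0.0 <9.0.7".
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((c) => satisfiesComparator(version, c));
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Every resolved version of `name`, de-duplicated across packages: and snapshots:.
// Matches v9 keys "minimatch@9.0.5:", v6 keys "/minimatch@9.0.5:" and
// peer-suffixed keys such as "minimatch@9.0.5(x@1.0.0):".
function lockedVersions(lockText, name) {
  const re = new RegExp(`^\\s*/?${escapeRegExp(name)}@(\\d+\\.\\d+\\.\\d+[^:(\\s]*)[(:]`, 'gm');
  const found = new Set();
  for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort(compareVersions);
}

// One result per override. Keys of the form "name@selector" (the range-specific
// style this branch originally used) are reported as skipped, because the
// selector constrains the requested range, which resolved versions do not record.
function checkOverrides(packageJsonText, lockText) {
  const pkg = JSON.parse(packageJsonText);
  const overrides = (pkg.pnpm && pkg.pnpm.overrides) || {};
  return Object.entries(overrides).map(([key, range]) => {
    const at = key.lastIndexOf('@');
    if (at > 0) return { name: key.slice(0, at), range, skipped: true };
    const versions = lockedVersions(lockText, key);
    const violations = versions.filter((v) => !satisfies(v, range));
    return { name: key, range, versions, violations, ok: violations.length === 0 };
  });
}

// Stand-alone run: one JSON line per override; "ok": false flags the stale 9.0.5.
for (const r of checkOverrides(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK)) console.log(JSON.stringify(r));
```

Run against a real checkout by replacing the two constructed strings with `fs.readFileSync('package.json', 'utf8')` and `fs.readFileSync('pnpm-lock.yaml', 'utf8')`; a non-empty `violations` list means `pnpm install` has not actually been re-run after the override changed, which is exactly the state the revert above had to clean up.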

…rabilities

Add pnpm.overrides to force safe minimatch versions:
- minimatch@>=9.0.0 <9.0.7 → ^9.0.9 (was 9.0.5)
- minimatch@>=10.0.0 <10.2.3 → ^10.2.4 (was 10.2.2)

Resolves 5 high-severity Dependabot alerts (#16-#20):
- ReDoS via nested *() extglobs (GHSA)
- ReDoS via multiple non-adjacent GLOBSTAR (GHSA)
- ReDoS via repeated wildcards (GHSA)

Co-authored-by: marcusrbrown <831617+marcusrbrown@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix high-severity Dependabot alerts in org repositories fix(security): patch minimatch ReDoS vulnerabilities via pnpm overrides Mar 8, 2026
marcusrbrown marked this pull request as ready for review March 8, 2026 23:30
@marcusrbrown
Collaborator

@copilot resolve conflicts from main which supersedes these changes. verify and close this PR after reporting to the parent issue

main merged a simpler fix in #2964: override minimatch to >=10.2.3
which supersedes the range-specific overrides added in this branch.
Reverting to match main to allow PR closure.

Co-authored-by: marcusrbrown <831617+marcusrbrown@users.noreply.github.com>
Contributor Author

Copilot AI commented Mar 8, 2026

@copilot resolve conflicts from main which supersedes these changes. verify and close this PR after reporting to the parent issue

Done. Main already merged the fix in #2964 ("minimatch": ">=10.2.3") which supersedes the range-specific overrides in this branch. I've reverted package.json and pnpm-lock.yaml to match main's state (commit f920293) — all checks pass and the branch is now conflict-free. This PR can be closed as resolved by #2964.

Copilot AI changed the title fix(security): patch minimatch ReDoS vulnerabilities via pnpm overrides revert: align minimatch override with main (superseded by #2964) Mar 8, 2026
@marcusrbrown
Collaborator

Closed as resolved by #2964.

marcusrbrown deleted the copilot/update-dependabot-alerts branch March 8, 2026 23:37


Development

Successfully merging this pull request may close these issues.

Daily Org Oversight Report — 2026-03-08 (UTC)
