[Gastown] Dependency: picomatch has ReDoS vulnerability

## What happened?

## Description
The picomatch package (used by glob/tinyglobby) has a ReDoS vulnerability via extglob quantifiers.

**Affected versions:** <=2.3.1 || 4.0.0 - 4.0.3
**Severity:** High (CVSS 7.5)
**Reference:** https://github.com/advisories/GHSA-3v7f-55p6-f55p

## Fix
Run `npm audit fix` to update picomatch to a patched version.

## Status
Not yet fixed - requires npm audit fix run in CI/deployment.

## Area

Dependencies

## Context

- **Town ID:** 549b3775-8dd5-4832-86be-20c9ea4a18f3
- **Agent:** Mayor (c6f7cb43-12f7-4c5f-8e60-dc4c9c04db24)

## Recent Errors

```
picomatch: Method Injection in POSIX Character Classes
```

*Filed automatically by the Mayor via `gt_report_bug`.*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Gastown] Dependency: picomatch has ReDoS vulnerability #1992

What happened?

Description

Fix

Status

Area

Context

Recent Errors

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Gastown] Dependency: picomatch has ReDoS vulnerability #1992

Description

What happened?

Description

Fix

Status

Area

Context

Recent Errors

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions