fix (Security): Patch fast-xml-parser and minimatch CVEs

- fast-xml-parser 5.3.4 → 5.3.6 (CVE-2026-26278, DoS via entity expansion)
- minimatch → 10.2.1 override (CVE-2026-26996, ReDoS via repeated wildcards)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Strehk