This repository was archived by the owner on Jun 24, 2026. It is now read-only.

[Aikido] Fix 3 critical issues in minimist, conventional-changelog-cli, uuid and 1 more #4

Closed
aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-CXM-238-update-packages-38429676-cfo2

Conversation

@aikido-autofix aikido-autofix Bot commented May 23, 2026

Upgrade minimist, ws, and uuid to fix prototype pollution, header-based DoS, and buffer overflow vulnerabilities.

⚠️ Incomplete breaking changes analysis (3/4 analyzed)

⚠️ Breaking changes analysis not available for: conventional-changelog-cli

✅ The uuid package upgrade from 3.0.0 to 11.1.1 does not affect this codebase. The uuid package is only present as a transitive dependency through the raven package (used in lighthouse-core/lib/sentry.js), and is not directly imported or used anywhere in the Lighthouse codebase. All breaking changes listed in the changelog relate to direct usage of the uuid API, which does not occur in this project.

All breaking changes by upgrading uuid from version 3.0.0 to 11.1.1 (CHANGELOG)

Version   Description
7.0.0     The default export, which used to be the v4() method, has been removed.
7.0.0     Builtin support for insecure random number generators in the browser has been removed.
7.0.0     Support for generating v3 and v5 UUIDs in Node.js < 4.x has been removed.
7.0.0     Deep imports of the different uuid version functions are deprecated and emit a deprecation warning.
8.0.0     For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed; there is no default export any more.
8.0.0     Deep requiring specific algorithms like require('uuid/v4') is no longer supported.
8.2.0     The deprecated v4 string parameter has been removed.
9.0.0     Node.js 10.x support has been dropped.
9.0.0     The minified UMD build has been removed from the package.
9.0.0     IE 11 and Safari 10 support has been dropped, along with the msCrypto fallback.
10.0.0    Node.js 12 and 14 support has been dropped (only Node 16-20 supported).
11.0.0    v1 internal state and options logic has been refactored.
11.0.0    v7 internal state and options logic has been refactored.

✅ 3 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue            Severity     Description
CVE-2021-44906   🚨 CRITICAL  [minimist] <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVE-2024-37890   HIGH         [ws] A request with headers exceeding the server.maxHeadersCount threshold can crash a ws server, causing a denial of service. This vulnerability allows attackers to trigger server crashes through malformed HTTP requests.
CVE-2026-41907   HIGH         [uuid] A buffer overflow vulnerability allows the v3, v5, and v6 UUID functions to write beyond caller-provided buffer boundaries when given small buffers or large offsets, causing silent data corruption. This can lead to memory corruption and potential code execution or information disclosure.
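The minimist entry in the bot's CVE table names the mechanism (dotted argv keys walked by setKey()) but not what the pollution looks like or how a parser blocks it. The block below is an added illustration, not minimist's source and not part of this PR: a simplified model of dotted-key assignment as an argv parser of this kind performs it, once written naively and once with a key check that refuses to step onto a prototype, so the pollution can be observed and the hardening verified on the same hostile input. The names setKeyNaive, setKeySafe, isConstructorOrProto, parseArgs and pollutionProbe, and the argv strings, are assumptions chosen for this example.

```javascript
// Added illustration of the CVE-2021-44906 bug class (prototype pollution
// through dotted argv keys). This is a simplified model, NOT minimist's code;
// all names below are assumptions for the example.

// Naive walker: follows every segment of "a.b.c" and assigns at the leaf.
// "__proto__" resolves to Object.prototype on any plain object, and
// "constructor" resolves to Object, whose "prototype" is the same target,
// so a hostile path lands on the shared prototype and pollutes every object.
function setKeyNaive(obj, keys, value) {
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (o[key] === undefined) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
}

// A segment is dangerous if it is "__proto__", or "constructor" while it
// resolves to a function (then constructor.prototype reaches Object.prototype).
function isConstructorOrProto(o, key) {
  return key === '__proto__' || (key === 'constructor' && typeof o[key] === 'function');
}

// Hardened walker: same traversal, but every segment (including the leaf)
// is checked first and the whole assignment is dropped if any segment fails.
function setKeySafe(obj, keys, value) {
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (isConstructorOrProto(o, key)) return;
    if (o[key] === undefined) o[key] = {};
    o = o[key];
  }
  const last = keys[keys.length - 1];
  if (isConstructorOrProto(o, last)) return;
  o[last] = value;
}

// Minimal "--a.b=value" argv parser parameterised by the walker in use.
function parseArgs(argv, setKey) {
  const out = {};
  for (const arg of argv) {
    const m = /^--([^=]+)=(.*)$/.exec(arg);
    if (!m) continue;
    setKey(out, m[1].split('.'), m[2]);
  }
  return out;
}

// Feed one hostile path (constructed attacker input) through the parser and
// report whether a fresh, unrelated object now carries the injected property.
// The property is deleted afterwards so the process stays clean for the next probe.
function pollutionProbe(setKey, path) {
  parseArgs([`--${path}=yes`], setKey);
  const polluted = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return polluted;
}

// Stand-alone demo: the naive walker is polluted by both routes, the safe one by neither,
// and ordinary nested keys still parse normally.
for (const path of ['__proto__.polluted', 'constructor.prototype.polluted']) {
  console.log(path, 'naive:', pollutionProbe(setKeyNaive, path), 'safe:', pollutionProbe(setKeySafe, path));
}
console.log('benign:', JSON.stringify(parseArgs(['--server.port=8080'], setKeySafe)));
```

The probe is the check a practitioner wants after a dependency bump like this one: run the application's real argument parser on `--__proto__.x=1` and `--constructor.prototype.x=1` and confirm a fresh `{}` does not acquire `x`. Note that the hardened walker silently drops the offending argument rather than throwing, which matches how parsers of this kind usually behave; if the application needs to detect the attempt, log before the `return`.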

@github-actions

YARN is no longer allowed. Kindly replace the lockfile using PNPM. Found in ./lighthouse-logger/yarn.lock
YARN is no longer allowed. Kindly replace the lockfile using PNPM. Found in ./lighthouse-core/scripts/legacy-javascript/yarn.lock
YARN is no longer allowed. Kindly replace the lockfile using PNPM. Found in ./yarn.lock

@aikido-autofix (Author)

Closed by Aikido: a new AutoFix has been created → #5

@aikido-autofix aikido-autofix Bot closed this Jun 21, 2026