
fix(deps): resolve high-severity rollup vulnerability in docs-site#1069

Merged
Mossaka merged 2 commits into main from copilot/fix-rollup-vulnerability
Feb 27, 2026

Conversation


Copilot AI commented Feb 26, 2026

CI "Dependency Vulnerability Audit" fails because npm audit --audit-level=high catches GHSA-mw96-cpmx-2vgc (arbitrary file write via path traversal in rollup 4.0.0–4.58.0).

  • Run npm audit fix in docs-site/ — updates package-lock.json only, no breaking changes
  • Resolves the high-severity rollup vulnerability plus moderate lodash-es, devalue, and ajv advisories
  • 5 remaining moderate lodash vulnerabilities (via @astrojs/check → volar-service-yaml → yaml-language-server) require a breaking @astrojs/check upgrade and don't trip --audit-level=high
Original prompt

This section details the original issue you should resolve

<issue_title>🏥 CI Failure: Dependency Vulnerability Audit fails: high-severity rollup vulnerability in docs-site</issue_title>
<issue_description>## Summary

The "Audit Docs Site Package" job in the Dependency Vulnerability Audit workflow fails because npm audit found a high-severity vulnerability in the docs-site/ package dependencies.

Triggered by commit: b508e3f (feat(proxy): make copilot api target configurable for enterprise envi…)

## Vulnerabilities Found

### 🔴 High Severity

| Package | Range | Advisory | Fix |
|---|---|---|---|
| rollup | 4.0.0 – 4.58.0 | GHSA-mw96-cpmx-2vgc — Arbitrary File Write via Path Traversal | `npm audit fix` |

### 🟡 Moderate Severity (15 total)

| Package | Range | Chain | Fix |
|---|---|---|---|
| lodash | 4.0.0–4.17.21 | @astrojs/check → @astrojs/language-server → volar-service-yaml → yaml-language-server | `npm audit fix --force` (breaking: upgrades @astrojs/check to 0.9.2) |
| lodash-es | 4.0.0–4.17.22 | mermaid → @mermaid-js/parser → langium → chevrotain | `npm audit fix` |

Total: 15 vulnerabilities (1 low, 13 moderate, 1 high)

## Root Cause

The rollup high-severity vulnerability (GHSA-mw96-cpmx-2vgc) was published after the current docs-site/package-lock.json was last updated. The CI audit step uses --audit-level=high, so this is correctly catching the issue.

## Recommended Actions

  1. Immediate fix — run `npm audit fix` in `docs-site/` to patch rollup and lodash-es (non-breaking):

     ```sh
     cd docs-site
     npm audit fix
     ```

  2. For lodash via `@astrojs/check` — evaluate whether upgrading `@astrojs/check` to 0.9.2 is acceptable:

     ```sh
     cd docs-site
     npm audit fix --force   # breaking change: `@astrojs/check` → 0.9.2
     ```

  3. If the `@astrojs/check` upgrade is not acceptable, consider adding an npm `overrides`/`resolutions` entry in `docs-site/package.json` for the lodash chain.

## Failing Step

  • Job: Audit Docs Site Package
  • Step: "Run npm audit (fail on high/critical)" — exit code 1
  • Note: The "Audit Main Package" job passed ✅ — only docs-site is affected

Generated by CI Doctor

<agent_instructions>Fix it </agent_instructions>

Comments on the Issue (you are @copilot in this section)



Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
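The audit gate the PR description and the issue above refer to, as an added example that is not part of this PR or the project's code: a small Node.js script that models how `npm audit --audit-level=high` decides pass or fail, and how a plain `npm audit fix` differs from `npm audit fix --force`, run over a constructed `npm audit --json` report. The report follows the `auditReportVersion: 2` shape that npm 7+ emits (`vulnerabilities`, `severity`, `fixAvailable`, `metadata`); the three entries and their `via` chains are constructed from the advisories the issue lists, the `metadata` counts are copied from the issue, and the function names (`auditGate`, `classifyFixes`, `applyNonBreakingFixes`) are this example's own.

```javascript
// Added example, not the project's code: models the gate that
// `npm audit --audit-level=high` applies in the "Dependency Vulnerability
// Audit" job, and the `npm audit fix` vs `npm audit fix --force` split,
// over a constructed `npm audit --json` report (auditReportVersion 2 shape).

const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Constructed report. Counts in `metadata` match the issue (1 low, 13
// moderate, 1 high); only three representative entries are spelled out.
// `fixAvailable` is `true` when `npm audit fix` can resolve it, `false` when
// nothing can, or an object naming the semver-major bump `--force` would make.
const CONSTRUCTED_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    rollup: {
      name: "rollup",
      severity: "high",
      isDirect: false,
      range: "4.0.0 - 4.58.0",
      via: [{ title: "Arbitrary File Write via Path Traversal",
              url: "https://github.com/advisories/GHSA-mw96-cpmx-2vgc" }],
      fixAvailable: true,
    },
    lodash: {
      name: "lodash",
      severity: "moderate",
      isDirect: false,
      range: "4.0.0 - 4.17.21",
      via: ["@astrojs/check"], // reached only through the @astrojs/check chain
      fixAvailable: { name: "@astrojs/check", version: "0.9.2", isSemVerMajor: true },
    },
    "lodash-es": {
      name: "lodash-es",
      severity: "moderate",
      isDirect: false,
      range: "4.0.0 - 4.17.22",
      via: ["mermaid"],
      fixAvailable: true,
    },
  },
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 13, high: 1, critical: 0, total: 15 },
  },
};

function severityRank(severity) {
  const rank = SEVERITY_ORDER.indexOf(severity);
  if (rank < 0) throw new Error(`unknown severity: ${severity}`);
  return rank;
}

// Mirrors npm's rule: exit 1 if any finding is at or above the audit level.
function auditGate(report, auditLevel) {
  const threshold = severityRank(auditLevel);
  const failing = Object.values(report.vulnerabilities)
    .filter((v) => severityRank(v.severity) >= threshold)
    .map((v) => v.name)
    .sort();
  return { exitCode: failing.length > 0 ? 1 : 0, failing };
}

// Split findings by what it takes to fix them.
function classifyFixes(report) {
  const out = { nonBreaking: [], breaking: [], unfixable: [] };
  for (const v of Object.values(report.vulnerabilities)) {
    if (v.fixAvailable === true) {
      out.nonBreaking.push(v.name);
    } else if (v.fixAvailable && v.fixAvailable.isSemVerMajor) {
      out.breaking.push(`${v.name} (needs ${v.fixAvailable.name}@${v.fixAvailable.version})`);
    } else {
      out.unfixable.push(v.name);
    }
  }
  return out;
}

// Model the outcome of a plain `npm audit fix`: entries fixable without a
// semver-major bump disappear; everything else stays in the report.
function applyNonBreakingFixes(report) {
  const remaining = Object.fromEntries(
    Object.entries(report.vulnerabilities).filter(([, v]) => v.fixAvailable !== true)
  );
  return { ...report, vulnerabilities: remaining };
}

// Stand-alone run: before the fix the gate trips on rollup; afterwards only
// the moderate lodash chain remains, which --audit-level=high lets through.
console.log("before:", auditGate(CONSTRUCTED_REPORT, "high"));
console.log("fixes:", classifyFixes(CONSTRUCTED_REPORT));
console.log("after:", auditGate(applyNonBreakingFixes(CONSTRUCTED_REPORT), "high"));
```

Run with `node audit-gate.js`. The `fixAvailable` object is what separates the lodash chain (fixable only by the semver-major `@astrojs/check` bump) from rollup and lodash-es; once the non-breaking fixes are applied the gate at `high` passes, while the remaining lodash findings still show up if the same report is gated at `moderate`.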
Copilot AI changed the title [WIP] Fix high severity rollup vulnerability in docs-site fix(deps): resolve high-severity rollup vulnerability in docs-site Feb 26, 2026
Copilot AI requested a review from Mossaka February 26, 2026 20:06
@Mossaka Mossaka marked this pull request as ready for review February 27, 2026 00:31
Copilot AI review requested due to automatic review settings February 27, 2026 00:31

github-actions bot commented Feb 27, 2026

✅ Coverage Check Passed

**Overall Coverage**

| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 82.03% | 82.18% | 📈 +0.15% |
| Statements | 82.01% | 82.15% | 📈 +0.14% |
| Functions | 82.50% | 82.50% | ➡️ +0.00% |
| Branches | 74.20% | 74.29% | 📈 +0.09% |

📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
| src/docker-manager.ts | 83.1% → 83.7% (+0.56%) | 82.4% → 83.0% (+0.54%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.

Files not reviewed (1)
  • docs-site/package-lock.json: Language not supported


@Mossaka Mossaka closed this Feb 27, 2026
@Mossaka Mossaka reopened this Feb 27, 2026
@Mossaka Mossaka merged commit c15f7ec into main Feb 27, 2026
119 of 141 checks passed
@Mossaka Mossaka deleted the copilot/fix-rollup-vulnerability branch February 27, 2026 00:36
@github-actions

C++ Build Test Results

Project CMake Build Status
fmt PASS
json PASS

Overall: PASS

Generated by Build Test C++ for issue #1069

@github-actions

🦕 Deno Build Test Results

| Project | Tests | Status |
|---|---|---|
| oak | 1/1 | ✅ PASS |
| std | 1/1 | ✅ PASS |

Overall: ✅ PASS

All Deno tests passed successfully (Deno 2.7.1).

Generated by Build Test Deno for issue #1069

@github-actions

Smoke Test Results — PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1069

@github-actions

.NET Build Test Results

Project Restore Build Run Status
hello-world PASS
json-parse PASS

Overall: PASS

Run output

**hello-world:**
```
Hello, World!
```

**json-parse:**
```
{
  "Name": "AWF Test",
  "Version": 1,
  "Success": true
}
Name: AWF Test, Success: True
```

Generated by Build Test .NET for issue #1069

@github-actions

Smoke Test Results — Copilot Engine ✅ PASS

| Test | Result |
|---|---|
| GitHub MCP (last 2 merged PRs) | #1070 chore: investigate issue duplication detector workflow failure / #1069 fix(deps): resolve high-severity rollup vulnerability in docs-site |
| Playwright (github.com title) | ✅ "GitHub · Change is constant. GitHub keeps you ahead. · GitHub" |
| File write | /tmp/gh-aw/agent/smoke-test-copilot-22467422055.txt created |
| Bash verification | ✅ File content confirmed |

PR author: @Copilot — Assignees: @Mossaka @Copilot

📰 BREAKING: Report filed by Smoke Copilot for issue #1069

@github-actions

Go Build Test Results

Project Download Tests Status
color PASS ✅ PASS
env PASS ✅ PASS
uuid PASS ✅ PASS

Overall: ✅ PASS

Generated by Build Test Go for issue #1069

@github-actions

Bun Build Test Results

Project Install Tests Status
elysia 1/1 PASS
hono 1/1 PASS

Overall: PASS

Tested with Bun v1.3.10

Generated by Build Test Bun for issue #1069

@github-actions

🦀 Rust Build Test Results

Project Build Tests Status
fd 1/1 PASS
zoxide 1/1 PASS

Overall: ✅ PASS

Generated by Build Test Rust for issue #1069

@github-actions

Java Build Test Results

Project Compile Tests Status
gson 1/1 PASS
caffeine 1/1 PASS

Overall: PASS

All projects compiled and all tests passed successfully.

Generated by Build Test Java for issue #1069

@github-actions

PR titles: chore(deps-dev): bump minimatch from 10.2.1 to 10.2.4 | Completing task
GitHub MCP merged PRs: ✅
Safeinputs gh pr list: ✅
Playwright github.com title: ✅
Tavily search: ❌
File write: ✅
Bash cat verify: ✅
Discussion comment: ✅
Build npm ci && npm run build: ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1069

@github-actions

Node.js Build Test Results

Project Install Tests Status
clsx PASS ✅ PASS
execa PASS ✅ PASS
p-limit PASS ✅ PASS

Overall: ✅ PASS

Generated by Build Test Node.js for issue #1069



Successfully merging this pull request may close these issues.

🏥 CI Failure: Dependency Vulnerability Audit fails: high-severity rollup vulnerability in docs-site
