Release Notes

This update provides important bug fixes and improvements.

Internal

Bump minimatch to >=10.2.1 to resolve minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern.
Bump ajv to >=8.18.0 to resolve ajv has ReDoS when using $data option.
Patch @eslint/eslintrc and eslint to use ajv 8.18.0 API.
Other dependency upgrades.
Update pnpm to v10 in fe.yml.
Remove duplicate formatting check in fe.yml. pnpm lint already checks formatting and runs eslint. The prettier --check inside lint will already fail if any files aren't formatted, making the separate "Check formatting" step redundant.
Make patch the default release_type option in create-release.yml.
Pin pnpm version to v10 in web Dockerfile.

Fixed: Building the web image may fail because the patches/ directory is not copied before running pnpm install --frozen-lockfile.
Fixed: The "What's Changed" header in auto-generated notes is not removed from the final release notes generated by create-release.yml.

Schema Upgrade	Migration Script	Permissions Update	Task Definition Update	Configuration Update
No	No	No	No	No

deps(web-dev): bump svelte from 5.51.3 to 5.51.5 in /web/pingpong by @dependabot[bot] in #1420
security: bump minimatch to >=10.2.1 by @ekassos in #1421
chore(deps): bump the uv group across 1 directory with 2 updates by @dependabot[bot] in #1423
deps(web-dev): bump @sveltejs/kit from 2.52.0 to 2.52.2 in /web/pingpong by @dependabot[bot] in #1422
security: bump ajv to >=8.18.0 and patch eslint by @ekassos in #1424
chore: remove duplicate formatting check in fe.yml by @ekassos in #1425
change(create-release): remove What's Changed heading & make patch default type by @ekassos in #1426
fix: copy patches folder to web docker image before pnpm install by @ekassos in #1427

Full Changelog: v1050+srv542.web358...v1057+srv543.web363