Fix dependabot security alerts for minimatch and serialize-javascript

[Mr-Wallet]

Summary

• Update minimatch 3.1.2 → 3.1.3 and 5.1.6 → 5.1.8 in yarn.lock to fix ReDoS vulnerability (Dependabot alerts add cpp interface and unit tests #36, Does this module support remote shares? #37)
• Add yarn resolution for serialize-javascript ^7.0.3 to fix RCE via RegExp.flags and Date.prototype.toISOString() (Dependabot alert Error installing on windows 10 #38). No 6.x patch exists; the only breaking change in v7 is requiring Node.js v20+, which only affects dev tooling.

Test plan

• yarn install succeeds
• Native build compiles successfully
• CI passes

🤖 Generated with Claude Code

[AlexaXs]

Tested and working fine

[Mr-Wallet]

@ianhattendorf @julianmesa-gitkraken can someone please help us with understanding what do to with the merge requirements (tests that aren't running)? And also we'd like to release a version bump, not sure if there's any special steps there.

[ianhattendorf]

@ianhattendorf @julianmesa-gitkraken can someone please help us with understanding what do to with the merge requirements (tests that aren't running)? And also we'd like to release a version bump, not sure if there's any special steps there.

There were branch protection rules (https://github.com/Axosoft/nsfw/settings/branches) requiring that the Node 18 tests pass. Since support for Node 18 is being dropped, I've removed those checks.

For releasing: it's a yarn project so you'll want to yarn publish, but with the recent changes to npm I'm not sure if that will work so you might need to fiddle with it.