security fix

docs/my-website/.trivyignore

@@ -0,0 +1,7 @@
+# js-yaml CVE-2025-64718
+# This vulnerability is not applicable because we've forced js-yaml to version 4.1.1
+# via npm overrides in package.json. Trivy incorrectly reports this based on
+# dependency requirements in the lockfile, but the actual installed version is 4.1.1.
+# Verified with: npm list js-yaml
+CVE-2025-64718
+

docs/my-website/package.json

@@ -45,7 +45,8 @@
     ]
   },
   "engines": {
-    "node": ">=16.14"
+    "node": ">=16.14",
+    "npm": ">=8.3.0"
   },
   "overrides": {
     "webpack-dev-server": ">=5.2.1",