
Minimatch upgrade to 3.1.5, fixes npm audit reported vulnerability.#26

Merged
MartinBalin merged 1 commit into apache:master from sdedic:sdedic/minimatch_audit_fix
Mar 3, 2026

Conversation

@sdedic
Member

@sdedic sdedic commented Mar 2, 2026

NPM audit reports vulnerabilities:

sdedic@sdedic-nb4$ npm audit --omit=dev
# npm audit report

minimatch  <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix`
node_modules/minimatch

This PR bumps the version of minimatch to 3.1.5, which fixes the vulnerability:

sdedic@sdedic-nb4$ npm audit --omit=dev
found 0 vulnerabilities

Note that there are more vulnerabilities introduced by mocha, as it depends not only on minimatch (in a vulnerable version), but also on serialize-javascript. This cannot really be addressed at this moment, as mocha even in its 12.0.0-beta2 (the latest public beta release) still uses vulnerable dependencies. An option would be to make a version override, but as mocha is only a devDependency and is not shipped, I've decided to fix just the minimatch.
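The description above shows npm audit flagging minimatch <=3.1.3 in production dependencies while a dev-only copy under mocha is deliberately left alone, and mentions a version override as the alternative. As an added example that is not part of this PR or the project's own code, the Node script below walks a constructed dependency tree, reports every copy of a package whose version falls in the vulnerable range, separates copies reachable only through devDependencies (mirroring `--omit=dev`), and builds the package.json `overrides` entry that would pin every copy. The tree shape (modelled on `npm ls --all --json`, with a `dev: true` flag on dev-only nodes), the `some-lib` package and every version other than minimatch 3.1.3 and 3.1.5 are assumptions constructed for the example.

```javascript
// Added example (not from the PR): locate copies of a package within a vulnerable
// semver range in a dependency tree, distinguishing production from dev-only paths.

// Constructed sample tree. Its shape follows `npm ls --all --json` output;
// assumption: `dev: true` marks nodes reachable only through devDependencies.
// Package names/versions other than minimatch 3.1.3 / 3.1.5 are made up.
const SAMPLE_TREE = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    minimatch: { version: "3.1.5" },                       // fixed top-level copy
    "some-lib": {                                         // hypothetical prod dependency
      version: "2.0.0",
      dependencies: { minimatch: { version: "3.0.4" } },   // vulnerable, shipped
    },
    mocha: {                                              // dev-only test runner
      version: "0.0.0-constructed",
      dev: true,
      dependencies: {
        minimatch: { version: "3.1.3", dev: true },        // vulnerable, not shipped
        "serialize-javascript": { version: "0.0.0-constructed", dev: true },
      },
    },
  },
};

// Minimal comparison for plain "major.minor.patch" versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// True when `version` lies in the advisory range "<= maxVulnerable".
function isVulnerable(version, maxVulnerable) {
  return compareVersions(version, maxVulnerable) <= 0;
}

// Walk the tree and return each occurrence of `pkgName` within the vulnerable
// range. With omitDev, dev-only copies are skipped, as `npm audit --omit=dev` does.
function findVulnerableCopies(tree, pkgName, maxVulnerable, { omitDev = false } = {}) {
  const findings = [];
  const walk = (node, path) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const childPath = [...path, `${name}@${child.version}`];
      const devOnly = Boolean(child.dev);
      if (name === pkgName && isVulnerable(child.version, maxVulnerable) && !(omitDev && devOnly)) {
        findings.push({ path: childPath.join(" > "), version: child.version, devOnly });
      }
      walk(child, childPath);
    }
  };
  walk(tree, []);
  return findings;
}

// The package.json `overrides` entry that would force every copy to a fixed version
// (the alternative the PR author considered but did not take for a devDependency).
function overridesFor(pkgName, fixedVersion) {
  return { overrides: { [pkgName]: fixedVersion } };
}

// Stand-alone run: production view first, then everything including dev paths.
const prodFindings = findVulnerableCopies(SAMPLE_TREE, "minimatch", "3.1.3", { omitDev: true });
const allFindings = findVulnerableCopies(SAMPLE_TREE, "minimatch", "3.1.3");
console.log("shipped vulnerable copies:", prodFindings);
console.log("all vulnerable copies (incl. dev-only):", allFindings);
console.log("override to pin every copy:", JSON.stringify(overridesFor("minimatch", "3.1.5")));
```

On the constructed tree the production view reports only the copy under `some-lib`, while the unfiltered view also lists the dev-only copy under mocha, which is the split the PR description relies on when it leaves mocha's transitive dependencies alone.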

@sdedic sdedic requested a review from MartinBalin March 2, 2026 18:48
@sdedic sdedic self-assigned this Mar 2, 2026
@sdedic sdedic added the bug Something isn't working label Mar 2, 2026
@sdedic sdedic changed the title from "Minimatch upgrade to 3.1.5, fixes npm audit vulnerability." to "Minimatch upgrade to 3.1.5, fixes npm audit reported vulnerability." Mar 2, 2026
@MartinBalin MartinBalin merged commit 9bd850d into apache:master Mar 3, 2026
5 checks passed