fix(docker): patch transitive CVEs in MCP server dependencies

MCP servers bundle their own copies of vulnerable packages. After global
install, patch nested node_modules in each server directly:
- @modelcontextprotocol/sdk 1.0.1 → 1.25.2 (CVE-2025-66414, CVE-2026-0621)
- picomatch 4.0.3 → 4.0.4 (CVE-2026-33671)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

claude/Dockerfile

@@ -37,6 +37,22 @@ RUN npm install -g \
   @aashari/mcp-server-atlassian-jira \
   @aashari/mcp-server-atlassian-confluence
 
+# Patch transitive CVEs bundled inside MCP server node_modules:
+#   CVE-2025-66414, CVE-2026-0621 — @modelcontextprotocol/sdk <1.25.2
+#   CVE-2026-33671               — picomatch <4.0.4
+RUN for pkg_dir in \
+      /usr/local/lib/node_modules/@modelcontextprotocol/server-github \
+      /usr/local/lib/node_modules/@yoda.digital/gitlab-mcp-server \
+      /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-jira \
+      /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-confluence; do \
+    [ -d "$pkg_dir" ] && \
+      cd "$pkg_dir" && \
+      npm install --no-audit --no-fund \
+        @modelcontextprotocol/sdk@1.25.2 \
+        picomatch@4.0.4 \
+      || true; \
+  done
+
 # Workspace and Claude config dir — owned by the built-in node user (uid 1000).
 # Pre-creating ~/.claude ensures the named volume is initialised with the
 # correct ownership when first mounted (Docker copies image content into