chore: update skills, docker-compose, and fix security vulnerabilities

[WhatIfWeDigDeeper]

Summary

• Update js-deps and uv-deps agent skills with revised workflows, interactive help, audit, and update reference docs; remove stale options.md
• Add docker-compose-all.yml to start all services at once; trim docker-compose.yml to core services only
• Update skills-lock.json to reflect new skill versions
• 61 → 27 vulnerabilities fixed across 12 packages (34 resolved) via npm audit fix; only package-lock.json files changed

Vulnerabilities Fixed (per directory)

Directory	Before	After	Fixed
root	2	0	✅ 2
api	10	8	✅ 2
hono-api	3	0	✅ 3
koa-api	2	0	✅ 2
nest-api	12	10	✅ 2
nuxt-api	8	4	✅ 4
react-ui	3	0	✅ 3
svelte-ui	6	0	✅ 6
tanstack-start-ui	3	0	✅ 3
tanstack-ui	3	0	✅ 3
ui	2	0	✅ 2
vue-ui	7	5	✅ 2

Remaining (27) — Require Breaking Major Version Upgrades

These could not be fixed without semver-major bumps to direct dependencies:

• api (8 moderate): chevrotain, lodash, hono, prisma, @mrleebo/prisma-ast, @prisma/dev, @chevrotain/cst-dts-gen, @chevrotain/gast
• nest-api (10 moderate): @nestjs/cli, drizzle-kit, esbuild, @esbuild-kit/*, @angular-devkit/*, @nestjs/schematics, ajv
• nuxt-api (4 moderate): drizzle-kit, esbuild, @esbuild-kit/*
• vue-ui (5 high): @testing-library/vue, @vue/test-utils, editorconfig, js-beautify, minimatch

Validation Results

Check	Status
Lint (all 9 packages)	✅ Pass
Security Audit	27 remaining (all require breaking changes)

Generated with Claude Code