chore(SEC-10819): upgrade axios to 1.13.5

[phantom-autopilot]

Summary

• Upgrades axios to ^1.13.5 (resolves to 1.16.0) to remediate GHSA-43fc-jf86-j433 / CVE-2026-25639 — DoS via __proto__ key in mergeConfig.
• Adds yarn resolutions and npm overrides for axios so transitive consumers (etherscan-api, wait-on) also pick up the patched version.
• Regenerates yarn.lock and pnpm-lock.yaml; both now contain a single axios@1.16.0 entry.
• Adds a changeset for the patch release.

Linear: SEC-10819

Test plan

• CI lint/build passes (note: pre-existing prettier failures on helpers.js, plugins/index.js, support/index.js exist on dev and are out of scope).
• yarn why axios shows all consumers resolve to 1.16.0.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated Axios dependency to a newer version to address security and stability improvements.

[phantom-autopilot]

PR opened by agent

#41

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c231759d-af37-46fd-add3-7c496cfd198f

📥 Commits

Reviewing files that changed from the base of the PR and between ff82e55 and 9fd7b6a.

⛔ Files ignored due to path filters (2)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• .changeset/sec-10819-axios-1-13-5.md
• package.json

---

📝 Walkthrough

Walkthrough

This PR upgrades Axios to version 1.13.5 to address security vulnerability GHSA-43fc-jf86-j433. The changeset entry documents the patch release, and package.json is updated to reflect the new version in dependencies, resolutions, and overrides sections for consistent enforcement across the dependency tree.

Changes

Axios Security Update to 1.13.5

Layer / File(s)	Summary
Release Documentation .changeset/sec-10819-axios-1-13-5.md	Changeset entry documents patch-level upgrade of Axios to 1.13.5 with security advisory reference GHSA-43fc-jf86-j433.
Dependency Version Update package.json	axios in dependencies is bumped from ^1.4.0 to ^1.13.5.
Resolution and Override Configuration package.json	Axios is added to both resolutions and overrides sections at ^1.13.5 to ensure consistent version enforcement alongside existing lodash override.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(SEC-10819): upgrade axios to 1.13.5' directly matches the main change: upgrading axios to address a security vulnerability.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch autopilot2/sec-10819_high-upgrade-axios-in-github-com-phantom-synpress-to-1-13-5

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[phantom-autopilot]

PR opened by agent

Draft PR: #41

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​axios@​1.7.7 ⏵ 1.16.0	-6	+70

View full report