feat: revise axios version reasons in package.json

[iola1999]

Updated axios version reasons for security awareness.

Summary by CodeRabbit

• Chores
  • Updated security advisory reference for axios dependency to current security resource.
  • Added configuration entry for axios version management.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the advisory URL for axios version 1.14.1 in package.json configuration to reference a StepSecurity blog post. Added a new entry for axios version 0.30.4 mapping to version 0.30.3 with the same advisory documentation reference.

Changes

Cohort / File(s)	Summary
Bug Versions Configuration package.json	Updated axios 1.14.1 advisory URL from GitHub issue to StepSecurity blog post; added new axios 0.30.4 entry mapping to 0.30.3 with StepSecurity URL reference.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Update axios version and reason in package.json #286: Modifies the same package.json config entries for axios bug-versions, including changes to version 1.14.1.

Poem

🐰 A fix for the fox in the package so true,
Security URLs, both shiny and new,
Axios no longer carries a blight,
Version 0.30.4 brought back to the light! 🌟

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The PR title accurately describes the main change: updating axios version reasons in package.json with more authoritative security URLs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the package.json to address security compromises in axios by mapping malicious versions to safer alternatives. A review comment identifies that the proposed target versions, 0.30.3 and 1.14.0, do not exist in the npm registry and suggests using valid versions like 0.28.1 to prevent installation errors.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 1643-1646: The package.json contains an invalid bug-versions entry
for axios "0.30.4" (key "0.30.4" with "version": "0.30.3") that cites a
nonexistent blog; remove that entire object from the bug-versions list (delete
the "0.30.4" entry) or replace it with a valid, verifiable security advisory
link if you can provide one (e.g., CVE or GitHub advisory) so the list only
contains entries backed by authoritative sources.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 530102ac-7560-4053-b266-f877889b3c1c

📥 Commits

Reviewing files that changed from the base of the PR and between 0197703 and 6d74cf4.

📒 Files selected for processing (1)

• package.json

[github-actions]

🎉 This PR is included in version 1.120.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀