[Snyk] Security upgrade axios from 1.4.0 to 1.13.5

[bijupki]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• webpack-typescript-react-demo/package.json
• webpack-typescript-react-demo/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-AXIOS-15252993	828

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[segrem25830-pki]

Checkmarx One – Scan Summary & Details – 38b7ea60-4954-4ac2-aa2c-b6e647d0e87e

New Issues (5)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2025-13465	Npm-lodash-4.17.21	details Recommended version: 4.17.23 Description: Lodash versions from 4.0.0 through 4.17.22 are vulnerable to Prototype Pollution in the "_.unset" and "_.omit" functions. An attacker can pass craf... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2025-15284	Npm-qs-6.9.7	details Recommended version: 6.9.8 Description: Improper Input Validation vulnerability in qs (parse modules) versions prior to 6.14.1 allows HTTP Denial-of-Service (DoS). The "arrayLimit" option... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2026-2391	Npm-qs-6.9.7	details Recommended version: 6.9.8 Description: ### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2025-68157	Npm-webpack-5.83.1	details Recommended version: 5.104.1 Description: Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpacks HTTP(S) resolver (HttpUriPlugin... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
5		CVE-2025-68458	Npm-webpack-5.83.1	details Recommended version: 5.104.1 Description: Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpacks HTTP(S) resolver (HttpUriPlugin... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package

Fixed Issues (8)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2025-7783	Npm-form-data-4.0.0
	CVE-2024-39338	Npm-axios-1.4.0
	CVE-2025-27152	Npm-axios-1.4.0
	CVE-2025-58754	Npm-axios-1.4.0
	CVE-2023-26159	Npm-follow-redirects-1.15.2
	CVE-2023-45857	Npm-axios-1.4.0
	CVE-2024-28849	Npm-follow-redirects-1.15.2
	CVE-2025-13466	Npm-body-parser-1.19.2

---

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR