chore(SEC-10491): upgrade axios to 1.15.1 #37

Draft
phantom-autopilot[bot] wants to merge 1 commit into dev from
autopilot2/sec-10491_high-upgrade-axios-in-github-com-phantom-synpress-to-1-15-1

Conversation


@phantom-autopilot phantom-autopilot Bot commented May 5, 2026

Summary

Upgrades axios from 1.7.7 to 1.15.1 to resolve GHSA-pmwg-cvhr-8vh7 (CVE-2026-42043, HIGH) — an incomplete fix for CVE-2025-62718 in which axios's NO_PROXY protection skipped only 127.0.0.1 instead of the full RFC 1122 loopback subnet 127.0.0.0/8, allowing proxy bypass for other loopback addresses (127.0.0.2 to 127.255.255.254).

Vulnerable range: >=1.0.0,<1.15.1 — the workspace previously resolved axios@1.7.7 (direct dep) and axios@1.2.2 (transitive via etherscan-api).

Changes

  • package.json: bump direct dep axios from ^1.4.0 → ^1.15.1.
  • package.json: add axios: 1.15.1 to resolutions to override the exact 1.2.2 pin in etherscan-api@10.3.0 (no newer etherscan-api release relaxes this constraint).
  • yarn.lock: regenerated. Lockfile now contains a single axios@1.15.1 entry; the prior 1.2.2 and 1.7.7 entries are gone.

Linear: SEC-10491

Test plan

  • yarn install resolves cleanly with no new peer-dependency conflicts beyond those already present on dev.
  • Lockfile contains exactly one axios@npm: entry at 1.15.1 (grep "axios@npm" yarn.lock).
  • No source files changed — helpers.js is the only file using axios and only calls axios.get() with options unchanged across the 1.7.7 → 1.15.1 range.
  • CI on the PR.

Notes

Pre-existing lint/prettier failures on dev (in helpers.js, plugins/index.js, support/index.js, pages/metamask/first-time-flow-page.js) are unrelated to this upgrade and are intentionally not touched.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated axios dependency to version 1.15.1.

Resolves GHSA-pmwg-cvhr-8vh7 (CVE-2026-42043, HIGH) — incomplete fix
for CVE-2025-62718 where axios's NO_PROXY check missed RFC 1122
loopback subnet 127.0.0.0/8, allowing proxy bypass for non-127.0.0.1
loopback addresses. Vulnerable range: >=1.0.0,<1.15.1.

- Bump direct dependency `axios` from ^1.4.0 to ^1.15.1.
- Add `axios: 1.15.1` to `resolutions` to override the exact 1.2.2
  pin from `etherscan-api@10.3.0` (no newer etherscan-api release
  loosens this constraint).
- Lockfile now resolves a single axios entry at 1.15.1; the previous
  1.2.2 and 1.7.7 versions are removed.
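The loopback check at the centre of this advisory, as an added example that is not axios's code: the narrow test that recognises only the literal 127.0.0.1 beside one that covers the whole RFC 1122 loopback block 127.0.0.0/8. The helper names and the sample host list are constructed for illustration.

```javascript
// Added example (not axios's code): compare a loopback check limited to the
// literal 127.0.0.1 with one covering the full RFC 1122 block 127.0.0.0/8.

// Parse a dotted-quad IPv4 literal into four octets, or return null when
// the string is not a well-formed IPv4 address (non-numeric, >255, etc.).
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Narrow check: only the literal 127.0.0.1 (plus localhost / ::1) counts as
// loopback, so 127.0.0.2 through 127.255.255.254 are treated like any
// remote host. This is the shape of check the advisory describes as incomplete.
function isLoopbackNarrow(host) {
  return host === 'localhost' || host === '127.0.0.1' || host === '::1';
}

// Complete check: any IPv4 address whose first octet is 127 is loopback
// per RFC 1122, in addition to localhost and the IPv6 loopback ::1.
function isLoopbackFull(host) {
  if (host === 'localhost' || host === '::1') return true;
  const octets = parseIPv4(host);
  return octets !== null && octets[0] === 127;
}

// Constructed sample hosts (not from the page) covering both edges of the
// /8 block, a neighbouring non-loopback address and an ordinary hostname.
const SAMPLE_HOSTS = [
  '127.0.0.1',
  '127.0.0.2',
  '127.255.255.254',
  '128.0.0.1',
  'example.test',
];

// Return the hosts on which the narrow and the full check disagree, i.e.
// the addresses the incomplete check mishandles.
function divergingHosts(hosts = SAMPLE_HOSTS) {
  return hosts.filter((h) => isLoopbackNarrow(h) !== isLoopbackFull(h));
}

console.log('Hosts mishandled by the narrow check:', divergingHosts());
```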

coderabbitai Bot commented May 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
📥 Commits

Reviewing files that changed from the base of the PR and between ff82e55 and 2059b38.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • package.json

📝 Walkthrough

The axios HTTP client dependency is upgraded from ^1.4.0 to ^1.15.1 in the dependencies section. An axios resolution entry is simultaneously added at 1.15.1 to enforce consistent versioning across transitive dependency chains.

Changes

Axios Dependency Upgrade

| Layer | File(s) | Summary |
|---|---|---|
| Dependency Version Bump | package.json | axios in dependencies updated from ^1.4.0 to ^1.15.1; axios resolution entry pinned to 1.15.1 to lock the resolved version. |
🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore(SEC-10491): upgrade axios to 1.15.1' directly and clearly summarizes the main change in the pull request: upgrading the axios dependency to version 1.15.1. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@phantom-autopilot phantom-autopilot Bot added the dep-upgrade-success Dependency upgrade automation completed successfully label May 5, 2026
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | npm/axios@1.2.2 ⏵ 1.15.1 | 90 (-9) | 100 (+31) | 100 | 96 (+1) | 100 |

@phantom-autopilot (Author)

Pushed commit unknown to autopilot2/sec-10491_high-upgrade-axios-in-github-com-phantom-synpress-to-1-15-1

git push -u origin autopilot2/sec-10491_high-upgrade-axios-in-github-com-phantom-synpress-to-1-15-1
PR opened by agent

gh pr create --draft --base dev --title "chore(SEC-10491): upgrade axios to 1.15.1" ... #37
Error encountered

Error: Exit code 1
'dep-upgrade-pending' not found
Task completed

SEC-10491 is complete. Summary:

  • Branch: autopilot2/sec-10491_high-upgrade-axios-in-github-com-phantom-synpress-to-1-15-1
  • PR: chore(SEC-10491): upgrade axios to 1.15.1 #37 (draft)
  • Changes: package.json and yarn.lock updated with axios 1.15.1
  • Label: dep-upgrade-success applied
  • Linear: SEC-10491 commented with PR link and validation summary
