security: pin axios to 1.13.4 — supply chain attack on 1.14.1

web3dev1337 · claude · web3dev1337 · commit e3fe0bd1601a · 2026-03-31T14:32:49.000+11:00
CVE: axios@1.14.1 pulls plain-crypto-js@4.2.1 (malware dropper) Ref: https://x.com/feross Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/diff-viewer/client/package.json b/diff-viewer/client/package.json
@@ -16,7 +16,7 @@
     "@anthropic-ai/sdk": "^0.56.0",
     "@monaco-editor/react": "^4.7.0",
     "@vitejs/plugin-react": "^5.1.3",
-    "axios": "^1.13.4",
+    "axios": "1.13.4",
     "dompurify": "^3.1.7",
     "marked": "^14.1.3",
     "mermaid": "^10.9.3",
