fix(deps): mitigate critical and high security vulnerabilities

[Fluf22]

Summary

Mitigate Dependabot security alerts across all severity levels via yarn resolutions.

Critical — axios (CVE-2026-40175)

• Force axios ^1.15.0 in root workspace (cloud metadata exfiltration via header injection, NO_PROXY bypass → SSRF)
• Force axios ^1.15.0 for bundlewatch in JS client workspace (migrated from 0.x, verified locally)

High

• Force vite ^8.0.5 — server.fs.deny bypass, arbitrary file read via dev server WebSocket
• Force lodash ^4.18.0 — code injection via _.template imports
• Force lodash-es ^4.18.0 — same as above

Medium

• Force @nestjs/core ^11.1.18 — injection via downstream component
• Force fast-xml-parser ^5.5.7 — entity expansion limit bypass
• Force follow-redirects ^1.16.0 in website and JS client lockfiles — auth header leak on cross-domain redirects

[algolia-bot]

No code generated

If you believe code should've been generated, please, report the issue.

📊 Benchmark results

Benchmarks performed on the method using a mock server, the results might not reflect the real-world performance.

Language	Req/s
go	2369
javascript	2283
php	1702
csharp	1503
python	1366
java	1116
ruby	949
swift	823
scala	23

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[github-actions]

🚀 Deployed on https://69de3830cbdbea400dda70ca--api-clients-automation.netlify.app

[Fluf22]

v0.31.0 carries the security backports: axios/axios#10707