From e3fe0bd1601ab0ab08208651eb3d43bbc59a3856 Mon Sep 17 00:00:00 2001
From: web3dev1337 <160291380+web3dev1337@users.noreply.github.com>
Date: Tue, 31 Mar 2026 14:32:49 +1100
Subject: [PATCH] =?UTF-8?q?security:=20pin=20axios=20to=201.13.4=20?=
 =?UTF-8?q?=E2=80=94=20supply=20chain=20attack=20on=201.14.1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE: axios@1.14.1 pulls plain-crypto-js@4.2.1 (malware dropper)
Ref: https://x.com/feross

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 diff-viewer/client/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/diff-viewer/client/package.json b/diff-viewer/client/package.json
index 8ffc2373..a33125a2 100644
--- a/diff-viewer/client/package.json
+++ b/diff-viewer/client/package.json
@@ -16,7 +16,7 @@
     "@anthropic-ai/sdk": "^0.56.0",
     "@monaco-editor/react": "^4.7.0",
     "@vitejs/plugin-react": "^5.1.3",
-    "axios": "^1.13.4",
+    "axios": "1.13.4",
     "dompurify": "^3.1.7",
     "marked": "^14.1.3",
     "mermaid": "^10.9.3",