Devii · Backend · 2026-03-25 · 6 min read
Axios Security Advisories: Use GitHub GHSA And `npm audit` For Patched Versions
Why HTTP clients need version discipline, with pointers to official Axios advisories (CVE/GHSA) rather than guesswork.
Axios publishes security advisories under `github.com/axios/axios/security/advisories` (GHSA/CVE). Supply-chain and DoS-class issues appear periodically; treat HTTP clients as **versioned dependencies** with the same rigor as frameworks.
The response is mechanical: identify your installed major/minor from `package-lock.json` or `pnpm-lock.yaml`, open the advisory that matches that line, upgrade to the **first patched release** called out there, then re-run tests around redirects, interceptors, timeouts, and any user-influenced URL inputs.
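The lockfile step above is easy to get wrong because a transitive dependency can carry its own nested copy of Axios that `package.json` never mentions. The following script is an added example (not code from the original post or from the Axios project): it walks a `package-lock.json` object, lists every installed copy of `axios` including nested ones, and compares each against the first patched release of an advisory. The advisory id and the version boundaries are constructed placeholders; take the real values from the matching GHSA entry at `github.com/axios/axios/security/advisories`. The lockfile fragment is constructed as well, so the script runs offline.

```javascript
// Added example, not from the original post or the Axios project.
// Cross-checks every installed copy of axios in a lockfile against an advisory.

// PLACEHOLDER advisory: the id and version boundaries below are constructed,
// not a real GHSA/CVE. Replace them with the values from the matching advisory.
const PLACEHOLDER_ADVISORY = {
  id: "GHSA-xxxx-xxxx-xxxx",
  // One entry per affected release line, half-open: introduced <= v < firstPatched
  affectedRanges: [
    { introduced: "0.0.0", firstPatched: "0.28.0" }, // constructed boundary
    { introduced: "1.0.0", firstPatched: "1.4.0" },  // constructed boundary
  ],
};

// Constructed lockfile (lockfileVersion 3 shape): one top-level axios plus a
// nested copy that a transitive dependency ("some-sdk", hypothetical) pulled in.
const CONSTRUCTED_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.0.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": { version: "1.5.0" },
    "node_modules/some-sdk": { version: "2.3.1", dependencies: { axios: "^0.21.0" } },
    "node_modules/some-sdk/node_modules/axios": { version: "0.21.4" },
  },
};

// Minimal x.y.z parser; a pre-release suffix such as "-beta.1" is ignored here.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const [x, y] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Every installed axios, nested copies included, with its lockfile path.
function findInstalledAxios(lockfile) {
  const found = [];
  if (lockfile.packages) {
    // lockfileVersion 2/3: flat "packages" map keyed by install path
    for (const [path, entry] of Object.entries(lockfile.packages)) {
      if (path === "node_modules/axios" || path.endsWith("/node_modules/axios")) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  // lockfileVersion 1: nested "dependencies" tree, so walk it recursively
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios") found.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lockfile.dependencies, "");
  return found;
}

// Find the advisory range covering this version and name the release to move to.
function assess(version, advisory) {
  for (const r of advisory.affectedRanges) {
    if (compareSemver(version, r.introduced) >= 0 &&
        compareSemver(version, r.firstPatched) < 0) {
      return { version, vulnerable: true, upgradeTo: r.firstPatched };
    }
  }
  return { version, vulnerable: false, upgradeTo: null };
}

// One finding per installed copy; nested copies need their own fix (override or
// upstream bump), since bumping the top-level dependency does not touch them.
function auditLockfile(lockfile, advisory) {
  return findInstalledAxios(lockfile).map(({ path, version }) => ({
    path,
    ...assess(version, advisory),
  }));
}

console.log(`Checking against ${PLACEHOLDER_ADVISORY.id} (placeholder id)`);
console.log(JSON.stringify(auditLockfile(CONSTRUCTED_LOCKFILE, PLACEHOLDER_ADVISORY), null, 2));
```

Against a real project, replace `CONSTRUCTED_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The point the output makes is that a green top-level copy does not clear the nested one: that copy is only fixed by an `overrides` entry or by bumping the dependency that brought it in, and `npm audit` remains the authoritative check once the advisory is published.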
Never pin a version from a blog summary alone: `npm audit`, GitHub Dependabot, and the live GHSA text all change as new CVEs ship. Re-check the advisories whenever you bump Axios or a lockfile regeneration pulls in a fresh transitive version.