
[UID2-6899] Fix CVE-2025-62718: Upgrade axios 1.13.5→1.15.0#187

Merged
sunnywu merged 1 commit into main from syw-UID2-6899-fix-cve-2025-62718 on Apr 10, 2026

Conversation


@sunnywu sunnywu commented Apr 10, 2026

Summary

This PR fixes CVE-2025-62718 — a CRITICAL SSRF vulnerability in axios caused by hostname normalization bypass in NO_PROXY handling.

  • CVE: CVE-2025-62718
  • Severity: CRITICAL
  • Vulnerability: axios NO_PROXY Hostname Normalization Bypass → Server-Side Request Forgery (SSRF)
  • Fix: Upgrade axios from 1.13.5 to >=1.15.0 (resolves the vulnerability in 1.15.0)
  • Jira: UID2-6899

Changes

Updated axios version in all 5 affected package.json files and regenerated their package-lock.json lock files:

  • web-integrations/google-secure-signals/client-server/
  • web-integrations/google-secure-signals/server-side/
  • web-integrations/prebid-integrations/client-server/
  • web-integrations/javascript-sdk/client-server/
  • web-integrations/server-side/

Vulnerability Details

CVE-2025-62718 allows an attacker to bypass NO_PROXY restrictions through hostname normalization differences, enabling Server-Side Request Forgery (SSRF) attacks. Upgrading to axios 1.15.0 patches this normalization logic.

Test plan

  • Verified npm install completes successfully in all 5 directories
  • Verified installed axios version is 1.15.0 in all directories
  • Integration tests require a running UID2 server — covered by CI

🤖 Generated with Claude Code
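The test plan above checks the installed axios version by hand in each of the five directories. As an added example (not code from PR #187 or from the UID2 project), the script below turns that step into a repeatable audit: it reads each listed directory's package-lock.json, pulls out the installed axios version, and reports whether it is at or above 1.15.0, the release the PR names as fixing CVE-2025-62718. The directory list and the 1.15.0 threshold come from the PR description; the lock files written by `demo()` are constructed fixtures, and a missing or axios-free lock file is deliberately reported as a failure rather than silently skipped.

```python
"""Audit package-lock.json files for a vulnerable axios version.

Added example, not part of PR #187: confirms that each affected directory's
lock file pins axios at or above the fixed release named in the PR.
"""
import json
import os
import re
import tempfile

FIXED_VERSION = "1.15.0"  # first axios release the PR names as fixing CVE-2025-62718

# Directories the PR lists as carrying an axios dependency.
AFFECTED_DIRS = [
    "web-integrations/google-secure-signals/client-server",
    "web-integrations/google-secure-signals/server-side",
    "web-integrations/prebid-integrations/client-server",
    "web-integrations/javascript-sdk/client-server",
    "web-integrations/server-side",
]

# Exact semver only: ranges such as "^1.13.5" are rejected on purpose, since a
# range in package.json says nothing about what is actually installed.
_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def parse_version(version):
    """Return a comparable tuple (major, minor, patch, release_flag).

    release_flag is 0 for a prerelease and 1 for a final release, so that
    1.15.0-rc.1 sorts below 1.15.0 as semver requires.
    """
    m = _SEMVER.match(version)
    if not m:
        raise ValueError(f"not an exact semver version: {version!r}")
    major, minor, patch, prerelease, _build = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_patched(version, fixed=FIXED_VERSION):
    """True when `version` is at or above the fixed release."""
    return parse_version(version) >= parse_version(fixed)


def axios_version_from_lock(lock):
    """Extract the installed axios version from a parsed package-lock.json.

    Handles lockfileVersion 2/3 ("packages" keyed by node_modules path) and
    lockfileVersion 1 ("dependencies" keyed by package name). Returns None
    when axios is absent.
    """
    pkg = lock.get("packages", {}).get("node_modules/axios")
    if pkg is None:
        pkg = lock.get("dependencies", {}).get("axios")
    return None if pkg is None else pkg.get("version")


def audit(root, dirs=AFFECTED_DIRS):
    """Map each directory to (installed_version, patched?).

    A missing lock file or one without axios yields (None, False) so that
    "not checked" can never be mistaken for "safe".
    """
    results = {}
    for d in dirs:
        path = os.path.join(root, d, "package-lock.json")
        try:
            with open(path, encoding="utf-8") as fh:
                version = axios_version_from_lock(json.load(fh))
        except FileNotFoundError:
            version = None
        results[d] = (version, version is not None and is_patched(version))
    return results


def _write_constructed_lock(root, d, version, lockfile_version=3):
    """Write a minimal constructed lock file (test fixture, not a real one)."""
    os.makedirs(os.path.join(root, d), exist_ok=True)
    if lockfile_version == 1:
        lock = {"lockfileVersion": 1, "dependencies": {"axios": {"version": version}}}
    else:
        lock = {"lockfileVersion": lockfile_version,
                "packages": {"": {}, "node_modules/axios": {"version": version}}}
    with open(os.path.join(root, d, "package-lock.json"), "w", encoding="utf-8") as fh:
        json.dump(lock, fh)


def demo():
    """Build a constructed tree with one stale directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for d in AFFECTED_DIRS[:-1]:
            _write_constructed_lock(root, d, "1.15.0")
        # Simulate one directory missed during the upgrade, using the v1 lock format.
        _write_constructed_lock(root, AFFECTED_DIRS[-1], "1.13.5", lockfile_version=1)
        results = audit(root)
        for d, (version, ok) in results.items():
            print(f"{'OK  ' if ok else 'FAIL'} {d}: axios {version}")
        return results


if __name__ == "__main__":
    demo()
```

Run it from the repository root with the real tree by calling `audit(".")` instead of `demo()`; a non-empty set of `False` results is the signal that a lock file was not regenerated.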

@sunnywu sunnywu merged commit 074e70a into main Apr 10, 2026
2 checks passed
@sunnywu sunnywu deleted the syw-UID2-6899-fix-cve-2025-62718 branch April 10, 2026 02:11