axios@1.12.2 vulnerability (CVE-2026-25639)

### Describe the bug

There is vulnerability in axios@1.12.3 used by @module-federation package:
https://nvd.nist.gov/vuln/detail/CVE-2026-25639

<img width="1180" height="528" alt="Image" src="https://github.com/user-attachments/assets/85d54bea-4dcb-44d0-bb3a-7de1567ec1a2" />

Proposed fix:
Upgrade to version 1.13.5.

--- 
NOTE: there is already a PR open for that:
https://github.com/module-federation/core/pull/4406

### Reproduction

https://github.com/module-federation/core/blob/main/package.json#L158

### Used Package Manager

npm

### System Info

```shell
n/a
```

### Validations

- [x] Read the [docs](https://github.com/module-federation/core).
- [x] Read the [common issues list](https://github.com/module-federation/core/issues).
- [x] Check that there isn't [already an issue](https://github.com/module-federation/core/issues) that reports the same bug to avoid creating a duplicate.
- [x] Make sure this is a Module federation issue and not a framework-specific issue.
- [x] The provided reproduction is a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example) of the bug.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

axios@1.12.2 vulnerability (CVE-2026-25639) #4492

Describe the bug

Reproduction

Used Package Manager

System Info

Validations

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Uh oh!

Uh oh!

axios@1.12.2 vulnerability (CVE-2026-25639) #4492

Description

Describe the bug

Reproduction

Used Package Manager

System Info

Validations

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions