fix(security): upgrade axios to 1.15.0 to fix critical CVEs (calcom#28850)

Upgrades axios from 1.13.5 to 1.15.0 in apps/api/v2 and the root
resolutions field to resolve two critical vulnerabilities:

- GHSA-3p68-rc4w-qgx5: NO_PROXY hostname normalization bypass leading to SSRF
- GHSA-fvcv-3m26-pcqx: Unrestricted cloud metadata exfiltration via header injection

Both CVEs are fixed in axios >=1.15.0.

Author: sahitya-chandra

apps/api/v2/package.json

@@ -62,7 +62,7 @@
     "@sentry/node": "9.46.0",
     "@sentry/profiling-node": "9.46.0",
     "@snyk/protect": "latest",
-    "axios": "1.13.5",
+    "axios": "1.15.0",
     "body-parser": "1.20.3",
     "bull": "4.15.1",
     "class-transformer": "0.5.1",

package.json

@@ -138,7 +138,7 @@
     "jpeg-js": "0.4.4",
     "validator": "13.15.22",
     "form-data": "4.0.4",
-    "axios": "1.13.5",
+    "axios": "1.15.0",
     "jws": "4.0.1",
     "jsonwebtoken": "9.0.0",
     "sha.js": "2.4.12",

yarn.lock

@@ -1967,7 +1967,7 @@ __metadata:
     "@types/luxon": "npm:3.4.2"
     "@types/passport-jwt": "npm:3.0.13"
     "@types/supertest": "npm:2.0.16"
-    axios: "npm:1.13.5"
+    axios: "npm:1.15.0"
     body-parser: "npm:1.20.3"
     bull: "npm:4.15.1"
     class-transformer: "npm:0.5.1"
@@ -17900,14 +17900,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:1.13.5":
-  version: 1.13.5
-  resolution: "axios@npm:1.13.5"
+"axios@npm:1.15.0":
+  version: 1.15.0
+  resolution: "axios@npm:1.15.0"
   dependencies:
     follow-redirects: "npm:^1.15.11"
     form-data: "npm:^4.0.5"
-    proxy-from-env: "npm:^1.1.0"
-  checksum: 10/db726d09902565ef9a0632893530028310e2ec2b95b727114eca1b101450b00014133dfc3871cffc87983fb922bca7e4874d7e2826d1550a377a157cdf3f05b6
+    proxy-from-env: "npm:^2.1.0"
+  checksum: 10/d39a2c0ebc7ff4739401b282e726cc2673377949d6c46d60eb619458f8d7a2f7eadbcada7097f4dbc7d5c59abb4d3bf6fac33d474412bc3415d3f5aa7ed45530
   languageName: node
   linkType: hard
 
@@ -33008,6 +33008,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"proxy-from-env@npm:^2.1.0":
+  version: 2.1.0
+  resolution: "proxy-from-env@npm:2.1.0"
+  checksum: 10/fbbaf4dab2a6231dc9e394903a5f66f20475e36b734335790b46feb9da07c37d6b32e2c02e3e2ea4d4b23774c53d8562e5b7cc73282cb43f4a597b7eacaee2ee
+  languageName: node
+  linkType: hard
+
 "pseudomap@npm:^1.0.1":
   version: 1.0.2
   resolution: "pseudomap@npm:1.0.2"