fix(http): bump axios 1.14.0 → 1.15.0 (critical SSRF vulnerability)

GHSA-3p68-rc4w-qgx5: Axios <1.15.0 has a NO_PROXY hostname normalization
bypass that leads to SSRF. Bumps to 1.15.0 in both fs-http (direct dep)
and fs-loading (dev dep).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Goosterhof

package-lock.json

@@ -41,7 +41,7 @@
     "test:mutation": "stryker run"
   },
   "dependencies": {
-    "axios": "1.14.0"
+    "axios": "^1.15.0"
   },
   "devDependencies": {
     "axios-mock-adapter": "^2.1.0"

packages/http/package.json

@@ -43,7 +43,7 @@
   "devDependencies": {
     "@script-development/fs-http": "^0.1.0",
     "@vue/test-utils": "^2.4.6",
-    "axios": "1.14.0",
+    "axios": "^1.15.0",
     "happy-dom": "^20.8.9",
     "vue": "^3.5.32"
   },