[Snyk] Fix for 2 vulnerabilities

[sestinj]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• core/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Unintended Proxy or Intermediary ('Confused Deputy') SNYK-JS-AXIOS-15965856	848
	HTTP Response Splitting SNYK-JS-AXIOS-15969258	636

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Summary by cubic

Upgrade axios to 1.15.0 to patch two vulnerabilities and bump vectordb to 0.21.2. This reduces security risk in core with no code changes.

• Dependencies
  • axios: ^1.6.7 → ^1.15.0 — fixes Confused Deputy and HTTP response splitting vulnerabilities.
  • vectordb: 0.4.20 → 0.21.2.

^{Written for commit b40f38c. Summary will update on new commits.}

[continue]

Documentation Review

No documentation updates needed for this PR.

Reason: This is a security-focused dependency update (axios and vectordb version bumps) that addresses internal vulnerabilities. These changes are implementation details that don't affect:

• User-facing APIs or behavior
• Configuration options or setup procedures
• Feature functionality or usage patterns

Dependency version changes in package.json are internal maintenance and don't require documentation changes.

[cubic-dev-ai]

No issues found across 1 file