
bumpup axios to fix CVE-2025-7783 #2546

Merged
pascalbaljet merged 6 commits into inertiajs:master from vallerydelexy:master
Aug 26, 2025

Conversation

@vallerydelexy
Contributor

Description

This PR addresses a critical vulnerability reported by Snyk in the form-data package, which is a transitive dependency of axios.

Vulnerability: [Predictable Value Range from Previous Values (CVE-2025-7783)](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150)
Severity: Critical (CVSS 9.4)
Introduced via: axios@1.10.0 > form-data@4.0.0
Remediation: Upgrade form-data to 4.0.4 or higher.

This vulnerability stems from form-data's use of Math.random() for HTTP multipart boundary generation, which allows for predictability and potential exploitation via parameter pollution attacks.
What has been done

Ensured form-data is updated to ^4.0.4, which includes the upstream fix.
Reviewed dependency tree to confirm no remaining vulnerable paths.
Confirmed with snyk test:

✅ Screenshot from Snyk:
✔ Tested 57 dependencies for known issues, no vulnerable paths found.

Tested 104 dependencies for known issues, found 1 issue, 1 vulnerable path.

✗ Predictable Value Range from Previous Values [Critical Severity]
https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150
in form-data@4.0.0 via axios@1.10.0 > form-data@4.0.0

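A check a maintainer can run after a bump like this one, added here as an example rather than code from the PR or the Inertia project: scan an npm `package-lock.json` (lockfileVersion 2/3 `packages` map) for every installed copy of form-data below the fixed 4.0.4, including nested copies reached through axios. The lockfile below is constructed for the example; `findVulnerableFormData` and `compareVersions` are hypothetical helper names.

```javascript
// Added example (not part of the PR): report form-data entries in a lockfile that
// are older than the version carrying the upstream fix.

function parseVersion(v) {
  // Drop a leading "v" and any prerelease/build suffix, then split into numbers.
  // Prerelease tags are ignored here; published lockfile entries rarely carry them.
  const core = v.replace(/^v/, "").split(/[-+]/)[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

// Numeric component-wise compare, so "4.0.10" correctly sorts above "4.0.4".
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns { path, version } for every installed form-data below fixedVersion.
function findVulnerableFormData(lock, fixedVersion = "4.0.4") {
  const findings = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    // Lockfile keys look like "node_modules/axios/node_modules/form-data",
    // so nested (transitive) copies are caught as well as the top-level one.
    if (!/(^|\/)node_modules\/form-data$/.test(pkgPath)) continue;
    if (compareVersions(meta.version, fixedVersion) < 0) {
      findings.push({ path: pkgPath, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: the top-level form-data is already on 4.0.4, but a
// nested copy under axios is still on 4.0.0 (the transitive path Snyk flagged).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/axios": { version: "1.10.0", dependencies: { "form-data": "^4.0.0" } },
    "node_modules/axios/node_modules/form-data": { version: "4.0.0" },
    "node_modules/form-data": { version: "4.0.4" },
  },
};

for (const f of findVulnerableFormData(sampleLock)) {
  console.log(`vulnerable: ${f.path}@${f.version} (needs >= 4.0.4)`);
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; an empty result means no copy of form-data below 4.0.4 is installed.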

@pascalbaljet
Member

See also: laravel/laravel#6645

@pascalbaljet pascalbaljet merged commit 8d86153 into inertiajs:master Aug 26, 2025
11 of 14 checks passed
@pascalbaljet
Member

Thanks!
