fix: pin axios to 1.15.0 (1.14.0 has a few CVEs)

[mnemotiv]

Currently used axios version (=1.14.0) is affected by these CRITICAL CVEs:

• Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain - GHSA-fvcv-3m26-pcqx
• Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF - GHSA-3p68-rc4w-qgx5

This PR bumps up axios and @ton/ton versions.

Summary by CodeRabbit

• Bug Fixes
  • Addressed a critical security vulnerability in axios with a dependency update
• Chores
  • Bumped package version to 0.44.2
  • Updated @ton/ton dependency to a newer compatible version
  • Documentation updates

[coderabbitai]

📝 Walkthrough

Walkthrough

A patch release (0.44.2) updates axios from 1.14.0 to 1.15.0 to address a critical vulnerability, with an accompanying minor @ton/ton dependency bump to ^16.2.4 and changelog documentation.

Changes

Cohort / File(s)	Summary
Version and Dependency Updates package.json	Bumped @ton/blueprint from 0.44.1 to 0.44.2; updated @ton/ton from ^16.2.3 to ^16.2.4; upgraded axios from 1.14.0 to 1.15.0 to address critical vulnerability.
Changelog Documentation CHANGELOG.md	Added entry for version 0.44.2 documenting axios security update; removed trailing whitespace from existing entries.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• fix: pin axios to 1.14.0 to prevent upgrade to compromised 1.14.1 #350: Directly related security fix; addresses compromised axios releases by pinning version (PR pins to 1.14.0, this PR upgrades to 1.15.0 to avoid 1.14.0 vulnerability).

Poem

🐰 A vulnerable axios caused quite the fright,
So up to 1.15.0, we patched it right,
Dependencies bumped with care and with grace,
Blueprint 0.44.2 keeps pace! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description explains the security vulnerability and the solution, but does not follow the provided template structure. Required checklist items (CHANGELOG.md update, README.md documentation, tests, linting) are not addressed.	Update the description to follow the template format, including the checklist items and explicitly confirming that CHANGELOG.md was updated, tests pass, and linting checks pass.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: pinning axios to 1.15.0 to fix critical CVEs in 1.14.0. It directly relates to the primary objective of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 31: The import of WalletContractV4 from the internal path
'@ton/ton/dist/wallets/WalletContractV4' is fragile; update
src/network/send/wallets.ts to import WalletContractV4 (and any other symbols
currently pulled from '@ton/ton/dist/*') from the package's documented top-level
exports (e.g. import { WalletContractV4 } from '@ton/ton') and remove direct
references to internal dist paths, and scan the repo for other '@ton/ton/dist/*'
imports and replace them with the corresponding public exports before upgrading
to v16.2.4.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 64dc20b3-c170-46c5-a6e5-a2070fef8b70

📥 Commits

Reviewing files that changed from the base of the PR and between da8e511 and f959ae8.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• CHANGELOG.md
• package.json

[github-actions]

🎉 @mnemotiv, your reward is ready! Claim it here