
Update Axios to v0.30.0 in FluidFramework v1 #24824

@woohyun7878

Description


Are there any plans to release future versions of FluidFramework v1 with compatibility for Axios v0.30.0?

We are being flagged for CVE-2025-27152 because FluidFramework v1.x.x has a semantic versioning requirement of '^0.2x.x' for the Axios package version.

If your team is still maintaining FF v1, Axios dependency versions should be upgraded to >= 0.30.0 to remediate SSRF and credential leakage threats. The jump to 0.30.0 includes enough behavioral changes to warrant careful regression testing, but the actual breaking changes are not major between Axios v0.29.x and v0.30.x (https://github.com/axios/axios/releases?q=0.30.0&expanded=true).

Bullet Point Summary:

  • My team has a large monorepo with a good number of packages depending on @fluidframework/* v1.x.x, but we also need to remediate CVE-2025-27152 ASAP.
  • FluidFramework v1 packages are incompatible with secure versions of Axios (>=0.30.0) due to major upgrade requirements.
  • Upgrading to FluidFramework v2 on our end introduces breaking API changes and deprecated objects, making it a non-trivial task.
  • Updating the FluidFramework v1 package directly to support Axios v0.30.0 could address the security issue faster and avoid major upgrades.
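The issue above hinges on two facts that are easy to verify mechanically: a caret range such as `^0.2x.x` never admits `0.30.0` (npm treats the minor number as the breaking boundary while the major is 0), and a monorepo can therefore end up with a nested, still-vulnerable `axios` copy even after the top-level one is upgraded. The script below is an added example, not code from the issue author or from the FluidFramework project. It evaluates an npm caret range against a concrete version and scans a `package-lock.json` (lockfileVersion 3 layout) for `axios` entries in the 0.x line below the 0.30.0 floor the issue names. The lock file contents and the package name `@fluidframework/example-package` are constructed for the example; the 1.x line of Axios has its own fixed release, which this check deliberately does not model.

```python
"""Check a package-lock.json for axios 0.x copies below the fixed floor named in the issue.

Added example for the FluidFramework issue discussion; not project code.
"""
import json
import re
from typing import Dict, List, Tuple

# Floor stated in the issue for the 0.x line of axios (CVE-2025-27152 remediation).
MIN_FIXED_0X: Tuple[int, int, int] = (0, 30, 0)

# Constructed lock file (hypothetical contents, lockfileVersion 3 layout).
# The top-level axios is already fixed, but a FluidFramework v1 package pins
# '^0.26.0' and so gets its own nested, still-vulnerable copy.
SAMPLE_LOCK = json.dumps({
    "name": "example-monorepo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-monorepo", "version": "1.0.0"},
        "node_modules/axios": {"version": "0.30.0"},
        "node_modules/@fluidframework/example-package": {
            "version": "1.0.0",
            "dependencies": {"axios": "^0.26.0"},
        },
        "node_modules/@fluidframework/example-package/node_modules/axios": {
            "version": "0.26.1",
        },
    },
})


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'x.y.z' (optionally with a leading 'v') into a comparable tuple."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def caret_range_allows(range_spec: str, version: str) -> bool:
    """Apply npm caret semantics: the left-most non-zero component may not change.

    ^1.2.3 allows >=1.2.3 <2.0.0, ^0.26.0 allows >=0.26.0 <0.27.0,
    ^0.0.3 allows only 0.0.3. This is why '^0.2x.x' can never resolve to 0.30.0.
    """
    if not range_spec.startswith("^"):
        raise ValueError("only caret ranges are handled in this example")
    lo = parse_version(range_spec[1:])
    v = parse_version(version)
    if lo[0] > 0:
        hi = (lo[0] + 1, 0, 0)
    elif lo[1] > 0:
        hi = (0, lo[1] + 1, 0)
    else:
        hi = (0, 0, lo[2] + 1)
    return lo <= v < hi


def find_vulnerable_axios(lock_text: str,
                          min_fixed: Tuple[int, int, int] = MIN_FIXED_0X) -> List[Tuple[str, str]]:
    """Return (lock path, version) for every axios 0.x entry below min_fixed.

    Nested copies live under '<parent>/node_modules/axios', so every such path
    is inspected, not only the top-level 'node_modules/axios'.
    """
    lock: Dict = json.loads(lock_text)
    findings: List[Tuple[str, str]] = []
    for path, meta in lock.get("packages", {}).items():
        if not (path == "node_modules/axios" or path.endswith("/node_modules/axios")):
            continue
        ver = parse_version(meta["version"])
        # Only the 0.x line is assessed against the issue's 0.30.0 floor.
        if ver[0] == 0 and ver < min_fixed:
            findings.append((path, meta["version"]))
    return findings


if __name__ == "__main__":
    print("^0.26.0 allows 0.30.0:", caret_range_allows("^0.26.0", "0.30.0"))
    for path, version in find_vulnerable_axios(SAMPLE_LOCK):
        print(f"vulnerable axios {version} at {path}")
```

Run it against a real lock file by replacing `SAMPLE_LOCK` with the file's contents; a non-empty result means a package in the tree still pins a pre-0.30.0 range, which is exactly the situation the issue describes for `@fluidframework/*` v1.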

Metadata

Assignees

No one assigned

Labels

breaking change: This PR or issue would introduce a breaking change
