Security: Upgrade axios in hdwallet-keepkey-tcp to address CVE-2021-3749

## Description

The axios dependency in `packages/hdwallet-keepkey-tcp/package.json` is currently pinned to `^0.21.1`, which is vulnerable to CVE-2021-3749 (ReDoS via inefficient regular expression complexity).

## Details

- **File**: `packages/hdwallet-keepkey-tcp/package.json` (line 19)
- **Current version**: `^0.21.1`
- **Vulnerability**: CVE-2021-3749 (Regular Expression Denial of Service)
- **Recommended action**: Upgrade to `^0.21.2` or preferably to a maintained 1.x release

## References

- PR: https://github.com/shapeshift/hdwallet/pull/765
- Comment: https://github.com/shapeshift/hdwallet/pull/765#discussion_r2606584962
- Reported by: @gomesalexandre

## Additional Context

This issue was deferred from PR #765 (Zcash Ledger support) as it is unrelated to the primary feature implementation.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: Upgrade axios in hdwallet-keepkey-tcp to address CVE-2021-3749 #767

Description

Details

References

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Upgrade axios in hdwallet-keepkey-tcp to address CVE-2021-3749 #767

Description

Description

Details

References

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions