fix(frontend): pin axios version to mitigate supply chain attack #13670

Merged
hieptl merged 1 commit into main from hieptl/pin-axios
Mar 31, 2026
@hieptl
Collaborator

@hieptl hieptl commented Mar 31, 2026

Summary of PR

axios@1.14.1 has been compromised with a malicious dependency (plain-crypto-js). Remove the caret from the version specifier to prevent accidental resolution to the compromised version.

  • Pins axios to exact version 1.13.5 by removing the ^ prefix from the version specifier in frontend/package.json
  • This prevents npm install or npm update from resolving to the compromised axios@1.14.1, which introduces a
    malicious dependency (plain-crypto-js)

Context

axios@1.14.1 has been identified as compromised in an active supply chain attack. The malicious plain-crypto-js package
is an obfuscated dropper that executes shell commands, stages payloads in temp directories, and destroys forensic
evidence.

We are currently safe — our package-lock.json already pins axios at 1.13.5 with a verified integrity hash, and
npm ci (used in CI) strictly respects the lockfile. However, the previous ^1.13.5 specifier meant that any developer
running npm install or npm update could inadvertently resolve to 1.14.1 and update the lockfile. Pinning the exact
version eliminates that risk.

Demo Screenshots/Videos

Change Type

  • Bug fix
  • New feature
  • Breaking change
  • Refactor
  • Other (dependency update, docs, typo fixes, etc.)

Checklist

  • I have read and reviewed the code and I understand what the code is doing.
  • I have tested the code to the best of my ability and ensured it works as expected.

Fixes

Resolves #(issue)

Release Notes

  • Include this change in the Release Notes.

To run this PR locally, use the following command:

GUI with Docker:

docker run -it --rm   -p 3000:3000   -v /var/run/docker.sock:/var/run/docker.sock   --add-host host.docker.internal:host-gateway   -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.openhands.dev/openhands/runtime:a5dbd65-nikolaik   --name openhands-app-a5dbd65   docker.openhands.dev/openhands/openhands:a5dbd65

@hieptl hieptl self-assigned this Mar 31, 2026
@hieptl hieptl requested a review from amanape as a code owner March 31, 2026 11:20
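
The Context section above rests on `^1.13.5` admitting `1.14.1` while the exact specifier `1.13.5` does not. As an added example (not part of this PR or the project's code), this Node.js check flags a manifest specifier or lockfile entry that can resolve to a blocked version; the blocklist shape, the function names and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example, not project code. Blocklist entries come from the PR description;
// "*" (any version) for plain-crypto-js is an assumption of this sketch.
const BLOCKED = { axios: ["1.14.1"], "plain-crypto-js": ["*"] };

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Subset of npm range semantics: exact, ^ and ~ on plain x.y.z versions.
// Any other specifier ("latest", ">=1", "*") fails closed and counts as admitting.
function admits(spec, version) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) return true;
  const op = m[1], base = parse(m[2]), v = parse(version);
  if (op === "") return cmp(v, base) === 0;
  if (cmp(v, base) < 0) return false;
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret keeps the leftmost non-zero component fixed.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp(v, base) === 0;
}

function auditManifest(pkg, lock) {
  const findings = [];
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    for (const bad of BLOCKED[name] || []) {
      if (bad === "*" || admits(spec, bad)) {
        findings.push(`${name}: specifier "${spec}" admits blocked version ${bad}`);
      }
    }
  }
  // Lockfile v2/v3 keys look like "node_modules/a/node_modules/axios".
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const bad = BLOCKED[name] || [];
    if (bad.includes("*") || bad.includes(entry.version)) {
      findings.push(`${name}: lockfile resolves blocked version ${entry.version}`);
    }
  }
  return findings;
}

// Constructed sample data mirroring the change in this PR.
const lock = { packages: { "": {}, "node_modules/axios": { version: "1.13.5" } } };
const before = { dependencies: { "@xterm/xterm": "^6.0.0", axios: "^1.13.5" } };
const after = { dependencies: { "@xterm/xterm": "^6.0.0", axios: "1.13.5" } };
console.log(auditManifest(before, lock)); // one finding for axios
console.log(auditManifest(after, lock)); // no findings
```

Run against a real `package.json` and `package-lock.json` by passing the parsed JSON objects to `auditManifest`; a non-empty result is a reason to fail the CI job.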
Collaborator

@all-hands-bot all-hands-bot left a comment

🟢 Good taste - Simple, pragmatic security fix. Core change is solid.

"@xterm/addon-fit": "^0.11.0",
"@xterm/xterm": "^6.0.0",
"axios": "^1.13.5",
"axios": "1.13.5",
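
Review bot: The exact pin on the `"axios": "1.13.5"` line constrains only this manifest's direct dependency, and nothing in the hunk records why it is exact while its neighbours (`"@xterm/xterm": "^6.0.0"`) keep caret ranges. Because package.json cannot carry comments, a later `npm install axios` without `--save-exact`, or an automated update PR, can restore a range or bump the version without anyone noticing. Suggest pairing this with an `overrides` entry for axios so any transitive consumer resolves to the same version, and recording the reason for the pin and the planned upgrade path in the PR description or a tracking issue.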
Collaborator

🟢 Acceptable: Pinning to exact version is the right pragmatic choice here.

Security verification: I confirmed axios@1.14.1 no longer exists on npm (latest is 1.14.0), validating that the threat was real and the compromised version was pulled.

Minor improvement suggestions:

  1. Add an Evidence section to the PR description showing npm install && npm run build succeeds
  2. Consider checking the "Include in Release Notes" box - users should know about this security fix
  3. Document the upgrade path: Will you stay on 1.13.5 long-term or upgrade to 1.14.0+ once vetted?

None of these block the PR - the core fix is sound.

@github-actions
Contributor

Coverage report

This PR does not seem to contain any modification to coverable code.

Collaborator

@enyst enyst left a comment

Thank you, it helps.

I think it’s worth looking into the npm links shared by @llamantino, to require ~7 days since the package release. Otherwise some dependabot update could bring in a compromised package. cc: @aivong-openhands

@hieptl hieptl merged commit 2fec713 into main Mar 31, 2026
28 checks passed
@hieptl hieptl deleted the hieptl/pin-axios branch March 31, 2026 12:29

3 participants