[Aikido] Fix 5 security issues in axios, glob, js-yaml and 1 more

[aikido-autofix]

Upgrading axios, glob, js-yaml, tsup to address vulnerabilities.

5 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue	Severity	Description
CVE-2025-58754	HIGH	Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (Buffer/Blob) and returns a...
CVE-2025-64756	HIGH	Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <comma...
CVE-2025-64718	MEDIUM	js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-...
AIKIDO-2025-10809	MEDIUM	Affected versions of this package are vulnerable to Prototype Pollution, where the code insufficiently validates properties during merging by checking only own properties with _hasOwnProperty, allowing attackers to craft malicious YAML input that injects keys like __proto__ or constructor into t...
AIKIDO-2025-10811	LOW	Affected versions of this package are vulnerable to DOM Clobbering due to insufficient validation of script tags in the URL resolution logic. The getImportMetaUrl function insecurely relies on document.currentScript and document.baseURI without proper sanitization, allowing attackers to inject...