Issue Description
Hello Authorize.Net,
We’ve identified that the SDK relies on a vulnerable version of axios (= 1.8.3), which is affected by a Denial of Service vulnerability related to improper handling of the `__proto__` key inside the mergeConfig function.
Vulnerability Summary
In axios versions <= 1.8.3, the mergeConfig implementation crashes with:
TypeError: merge is not a function
when processing configuration objects containing `__proto__` as an own enumerable property (e.g., objects created via JSON.parse()).
Impact
Any application using this SDK that:
Accepts user-controlled JSON
Parses it with JSON.parse()
Passes it into axios configuration
may crash due to this issue.
Because this results in process termination, it represents a Denial of Service risk.
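As an added illustration (not axios's or the SDK's code), the snippet below models the failing lookup described above with a simplified merger, shows a hardened lookup, and adds a check a caller can run on JSON.parse() output before passing it to an HTTP client; the map, function and strategy names are assumptions.

```javascript
// Added illustration only (not axios's or the SDK's code): a simplified
// config merger modelling the failing lookup, plus a hardened version.
// Per-key merge strategies keyed by config property name (assumed names).
const mergeMap = {
  headers: (a, b) => Object.assign({}, a, b),
  timeout: (a, b) => (b !== undefined ? b : a),
};
const defaultMerge = (a, b) => (b !== undefined ? b : a);
function allKeys(config1, config2) {
  return new Set([...Object.keys(config1), ...Object.keys(config2)]);
}
// Vulnerable pattern: a plain property lookup. For prop === "__proto__" it
// walks the prototype chain and yields Object.prototype, which is truthy but
// not callable, so the call throws "TypeError: merge is not a function".
function mergeConfigVulnerable(config1, config2) {
  const result = {};
  for (const prop of allKeys(config1, config2)) {
    const merge = mergeMap[prop] || defaultMerge;
    result[prop] = merge(config1[prop], config2[prop]);
  }
  return result;
}
// Hardened pattern: only own properties of mergeMap select a strategy, and the
// merged value is stored as an own data property so a "__proto__" key cannot
// silently re-point the result's prototype.
function mergeConfigHardened(config1, config2) {
  const result = {};
  for (const prop of allKeys(config1, config2)) {
    const merge = Object.prototype.hasOwnProperty.call(mergeMap, prop)
      ? mergeMap[prop] : defaultMerge;
    Object.defineProperty(result, prop, {
      value: merge(config1[prop], config2[prop]),
      enumerable: true, writable: true, configurable: true,
    });
  }
  return result;
}
// Check for JSON.parse() output before it is handed to an HTTP client:
// returns the own keys that should never arrive from user-controlled JSON.
const FORBIDDEN_KEYS = ['__proto__', 'constructor', 'prototype'];
function forbiddenOwnKeys(obj) {
  return FORBIDDEN_KEYS.filter((k) => Object.prototype.hasOwnProperty.call(obj, k));
}
// Returns the message thrown by fn(), or null when it returns normally.
function errorMessageOf(fn) {
  try { fn(); return null; } catch (e) { return e.message; }
}
// Constructed sample: user-controlled JSON carrying an own "__proto__" key.
const userConfig = JSON.parse('{"__proto__": {"polluted": true}, "timeout": 5000}');
```

Running forbiddenOwnKeys on parsed input and rejecting the request when it returns a non-empty list keeps such objects from ever reaching the merger.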
Suggested Fix
Please update the axios dependency to:
"dependencies": {
  "axios": "^1.13.5"
}
Thank you for maintaining the SDK and for reviewing this security-related dependency update. Please let us know if any additional details are required.