
chore(deps): bump axios, uuid and add security overrides#8930

Merged
sriramveeraghanta merged 2 commits into preview from chore/bump-deps-security-overrides on Apr 25, 2026

Conversation

@sriramveeraghanta (Member) commented Apr 25, 2026

Summary

  • Bump catalog versions: axios 1.15.0 → 1.15.2, uuid 13.0.0 → 14.0.0
  • Add pnpm overrides to pin transitive deps: postcss >=8.5.10, follow-redirects >=1.16.0
  • Route axios and uuid through the catalog via overrides so transitive consumers pick up the bumped versions

Test plan

  • pnpm install resolves cleanly with the updated lockfile
  • CI build/lint/tests pass across web, space, admin, live, and API consumers
  • Verify no runtime regressions in features that depend on axios (HTTP clients) or uuid (id generation)

Summary by CodeRabbit

  • Chores
    • Updated dependency resolutions in the workspace to stable, pinned versions (including axios, uuid, postcss, follow-redirects and defu) to improve stability and security of the application runtime.

Bump axios 1.15.0 → 1.15.2 and uuid 13.0.0 → 14.0.0 in the catalog,
and add pnpm overrides pinning postcss >=8.5.10, follow-redirects
>=1.16.0, and routing axios/uuid through the catalog.
Copilot AI review requested due to automatic review settings April 25, 2026 11:52
@coderabbitai (Contributor, Bot) commented Apr 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e06c381c-f5fc-4445-8af4-63f78a674455

📥 Commits

Reviewing files that changed from the base of the PR and between 2bdb8a3 and 8074f9f.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • package.json

Walkthrough

Updated pnpm dependency resolution: package.json adds/adjusts pnpm.overrides (keeping defu@6.1.5, adding overrides for postcss, axios, follow-redirects, uuid); pnpm-workspace.yaml updates catalog mappings for axios (to 1.15.2) and uuid (to 14.0.0).

Changes

Cohort / File(s) | Summary
pnpm overrides (package.json) | Updated pnpm.overrides: retained defu at 6.1.5; added/adjusted overrides for postcss (8.5.10), axios (catalog reference), follow-redirects (1.16.0), and uuid (catalog reference).
pnpm catalog (pnpm-workspace.yaml) | Bumped catalog-resolved versions: axios from 1.15.0 → 1.15.2, and uuid from 13.0.0 → 14.0.0. No other workspace entries changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hop through package maps so neat,
Pinning versions, tidy and fleet,
Postcss, axios, uuid in line,
Follow-redirects fixed just fine,
Cheers to builds that stay sublime!

Pre-merge checks: 5 passed

Check name | Status | Explanation
Title check | Passed | The title accurately describes the main changes: bumping axios and uuid versions and adding security-related overrides for dependencies.
Description check | Passed | The description provides a clear summary and test plan, but is missing several required template sections like Type of Change, Screenshots, and References.
Docstring Coverage | Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | Passed | Check skipped because no linked issues were found for this pull request.


Copilot AI (Contributor) left a comment
Pull request overview

Updates the monorepo’s dependency catalog and pnpm overrides to pick up patched versions of axios/uuid and to enforce minimum versions for security-sensitive transitive dependencies.

Changes:

  • Bump catalog versions: axios → 1.15.2 and uuid → 14.0.0.
  • Add pnpm overrides for postcss and follow-redirects, and route axios/uuid via overrides so transitive consumers resolve to the bumped versions.
  • Regenerate pnpm-lock.yaml to reflect the updated resolutions.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File | Description
pnpm-workspace.yaml | Updates the shared catalog versions for axios and uuid.
package.json | Adds pnpm overrides (including security-related minimums) and routes axios/uuid via catalog-based overrides.
pnpm-lock.yaml | Captures the updated resolved versions and new override constraints in the lockfile.

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

@coderabbitai (Contributor, Bot) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
package.json (1)

80-80: Heads up: postcss pin in packages/tailwind-config will be silently overridden.

packages/tailwind-config/package.json explicitly pins postcss: 8.5.6, which is below the new >=8.5.10 override and will be quietly bumped. That's the intended outcome for a security override, but the pinned version there will diverge from what actually resolves. Consider updating that package's declared version too so the manifest matches reality (and so anyone reading it doesn't get misled).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 80, The postcss version pinned in
packages/tailwind-config (postcss: "8.5.6") will be silently overridden by the
security override "postcss": ">=8.5.10"; update the declared postcss version in
the packages/tailwind-config package manifest to match the enforced range (e.g.,
change the postcss field from "8.5.6" to a compatible spec such as ">=8.5.10" or
a specific patched version) so the package.json reflects the actual resolved
dependency and avoids misleading readers.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 80-82: The overrides use unbounded >= ranges for postcss and
follow-redirects which allows silent major upgrades; update the package.json
override entries for "postcss" and "follow-redirects" to use bounded ranges
(e.g., caret ranges like ^8.5.10 and ^1.16.0 or explicit upper bounds like
>=8.5.10 <9.0.0 and >=1.16.0 <2.0.0) so installs won't automatically pull
breaking major versions while still addressing the advisory.

---

Nitpick comments:
In `@package.json`:
- Line 80: The postcss version pinned in packages/tailwind-config (postcss:
"8.5.6") will be silently overridden by the security override "postcss":
">=8.5.10"; update the declared postcss version in the packages/tailwind-config
package manifest to match the enforced range (e.g., change the postcss field
from "8.5.6" to a compatible spec such as ">=8.5.10" or a specific patched
version) so the package.json reflects the actual resolved dependency and avoids
misleading readers.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6c92f325-5a22-40ee-bafb-5b19356ef184

📥 Commits

Reviewing files that changed from the base of the PR and between 03a2be8 and 2bdb8a3.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • package.json
  • pnpm-workspace.yaml

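Added example, not code from this repository or from the PR: a small Node script that audits pnpm.overrides the way the two review comments above suggest. It resolves catalog: references against a catalog map, reports any override written as an unbounded >= range (a future major release would satisfy it), and reports workspace manifests whose declared range can never satisfy an override's floor (the packages/tailwind-config postcss case, where the manifest says 8.5.6 but pnpm resolves something else). The catalog, root package.json and workspace manifests are constructed inline as sample data; the package names and versions copy the PR only so the output is recognisable, and the range parser deliberately covers only the spec forms that appear in such overrides.

```javascript
// Added example (not project code): audit pnpm.overrides against a catalog and
// workspace manifests. Flags (1) overrides with no upper bound and (2) manifests
// whose declared range can never reach the override floor, so the pin is
// silently replaced and the manifest misleads readers.
// Everything below is constructed sample data, not the project's real files.

const catalog = { axios: "1.15.2", uuid: "14.0.0" };

const rootPackageJson = {
  pnpm: {
    overrides: {
      defu: "6.1.5",
      postcss: ">=8.5.10",
      axios: "catalog:",
      "follow-redirects": ">=1.16.0",
      uuid: "catalog:",
    },
  },
};

const workspaceManifests = {
  "packages/tailwind-config/package.json": { dependencies: { postcss: "8.5.6" } },
  "web/package.json": { dependencies: { axios: "catalog:", uuid: "catalog:" } },
  "packages/editor/package.json": { devDependencies: { postcss: "^8.5.10" } },
};

// "MAJOR.MINOR.PATCH" -> [major, minor, patch]; prerelease/build tags are dropped.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// "catalog:" resolves to the catalog entry; any other spec passes through.
function resolveSpec(name, spec, cat) {
  if (spec !== "catalog:") return spec;
  if (!(name in cat)) throw new Error(`${name} uses catalog: but has no catalog entry`);
  return cat[name];
}

// Minimal range model {min, maxExclusive}; maxExclusive === null means unbounded.
// Handles exact "1.2.3", "^1.2.3", "~1.2.3", ">=1.2.3" and ">=1.2.3 <2.0.0".
function parseRange(spec) {
  const s = spec.trim();
  let m;
  if ((m = /^(\d+\.\d+\.\d+)$/.exec(s))) {
    const [M, n, p] = parseVersion(s);
    return { min: s, maxExclusive: `${M}.${n}.${p + 1}` };
  }
  if ((m = /^\^(\d+\.\d+\.\d+)$/.exec(s))) {
    const [M, n] = parseVersion(m[1]);
    return { min: m[1], maxExclusive: M === 0 ? `0.${n + 1}.0` : `${M + 1}.0.0` };
  }
  if ((m = /^~(\d+\.\d+\.\d+)$/.exec(s))) {
    const [M, n] = parseVersion(m[1]);
    return { min: m[1], maxExclusive: `${M}.${n + 1}.0` };
  }
  if ((m = /^>=\s*(\d+\.\d+\.\d+)(?:\s+<\s*(\d+\.\d+\.\d+))?$/.exec(s))) {
    return { min: m[1], maxExclusive: m[2] || null };
  }
  throw new Error(`unsupported range syntax: ${spec}`);
}

function auditOverrides(root, manifests, cat) {
  const findings = [];
  const overrides = (root.pnpm && root.pnpm.overrides) || {};
  for (const [name, rawSpec] of Object.entries(overrides)) {
    const spec = resolveSpec(name, rawSpec, cat);
    const range = parseRange(spec);
    if (range.maxExclusive === null) {
      const nextMajor = `${parseVersion(range.min)[0] + 1}.0.0`;
      findings.push({ kind: "unbounded-override", name, spec,
                      suggestion: `>=${range.min} <${nextMajor}` });
    }
    for (const [file, manifest] of Object.entries(manifests)) {
      for (const field of ["dependencies", "devDependencies"]) {
        const declared = (manifest[field] || {})[name];
        if (!declared) continue;
        const declaredRange = parseRange(resolveSpec(name, declared, cat));
        // Every version the manifest allows is below the override floor, so pnpm
        // will resolve a version the manifest never mentions.
        if (declaredRange.maxExclusive !== null &&
            compareVersions(declaredRange.maxExclusive, range.min) <= 0) {
          findings.push({ kind: "stale-pin", name, file, declared, override: spec });
        }
      }
    }
  }
  return findings;
}

for (const f of auditOverrides(rootPackageJson, workspaceManifests, catalog)) {
  console.log(JSON.stringify(f));
}
```

Run with node. On the sample data it reports postcss and follow-redirects as unbounded (suggesting >=8.5.10 <9.0.0 and >=1.16.0 <2.0.0, which still satisfy the advisory floor but refuse a future major) and flags the tailwind-config postcss pin as stale; the catalog: entries for axios and uuid resolve to the same version in the root overrides and in the consumer, so they produce no finding.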
@sriramveeraghanta sriramveeraghanta merged commit 32fb88a into preview Apr 25, 2026
11 checks passed
@sriramveeraghanta sriramveeraghanta deleted the chore/bump-deps-security-overrides branch April 25, 2026 12:10