chore(deps): bump axios 1.15.2 and patch follow-redirects advisory

[sriramveeraghanta]

Summary

• Bump axios 1.15.0 → 1.15.2.
• Pin follow-redirects to 1.16.0 via pnpm override to resolve GHSA-r4q5-vmmm-2653 (custom auth headers leaked on cross-domain redirects; all <=1.15.11 versions vulnerable). The advisory lists patched range as >=1.15.12, but no 1.15.12 was ever published — the fix shipped as 1.16.0.
• Migrate existing overrides (js-yaml, minimatch@3, handlebars) from package.json's pnpm.overrides to a new pnpm-workspace.yaml, since pnpm v11 no longer reads the package.json field (was silently ignoring all four overrides).
• Bump packageManager to pnpm@11.3.0.

Test plan

• pnpm install resolves cleanly
• pnpm audit reports no known vulnerabilities (verified locally)
• pnpm build succeeds
• pnpm test:unit passes

Summary by CodeRabbit

• Chores
  • Updated dependencies and package manager configuration to ensure stability and security across the project.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR upgrades axios to 1.15.2, updates the pnpm package manager to 11.3.0, and consolidates dependency overrides from package.json to pnpm-workspace.yaml with specific version pins for transitive dependencies.

Changes

Dependency and Package Manager Updates

Layer / File(s)	Summary
Axios bump, pnpm upgrade, and overrides consolidation package.json, pnpm-workspace.yaml	Axios is bumped from 1.15.0 to 1.15.2 and pnpm is upgraded from 10.32.1 to 11.3.0 in package.json. The pnpm.overrides block is removed from package.json and relocated to pnpm-workspace.yaml with pinned versions for js-yaml (4.1.1), minimatch@3 (3.1.4), handlebars (4.7.9), and follow-redirects (1.16.0).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A version bump, a pnpm leap,
Dependencies consolidated, no longer to keep,
From package to workspace, overrides now flow,
Cleaner configs and safer deps below! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main changes: bumping axios to 1.15.2 and addressing the follow-redirects security advisory by pinning it to 1.16.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-axios-follow-redirects-security

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}