chore: patch wait-on/axios

[reneshen0328]

Resolve issue:

• https://github.com/box/box-ui-elements/security/dependabot/417
• https://github.com/box/box-ui-elements/security/dependabot/418

Summary by CodeRabbit

• Chores
  • Updated dependency resolution configurations to enhance package compatibility and stability.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d9f6e57a-57e3-438d-9fb5-b550f779b658

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The PR adds a dependency resolution override in package.json to pin the nested wait-on/axios package to version ^1.15.2. This enforces a specific version of axios when installed as a transitive dependency of wait-on, without modifying direct dependencies or package scripts.

Changes

Dependency Resolution Override

Layer / File(s)	Summary
Dependency Override package.json	Added wait-on/axios resolution entry pinning to ^1.15.2 in the resolutions section.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• box/box-ui-elements#4507: Both PRs modify package.json dependency resolution for axios/wait-on packages.
• box/box-ui-elements#4213: Both PRs update wait-on/axios dependency resolutions in package.json.

Suggested labels

ready-to-merge

Suggested reviewers

• tjuanitas
• jfox-box
• jpan-box

Poem

🐰 A tiny hop in package.json,
One override, no big commotion—
Axios nestled, pinned just right,
Wait-on's friend in version flight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The pull request description provides issue references and includes repository guidance template, but lacks detailed explanation of what was changed and why.	Add a clear description of the changes made (e.g., which dependencies were updated and to what versions) and explain the security vulnerabilities being addressed by these updates.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: patching the wait-on/axios dependency.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore-patch-wait-on-axios

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

package.json (1)

368-368: ⚡ Quick win

Consider the implications of having multiple axios versions.

This resolution will force wait-on to use axios ^1.15.2 while the project directly depends on axios ^0.31.1 (line 187). This is a valid approach for addressing security issues in transitive dependencies, but be aware:

• Both axios versions may be bundled, increasing bundle size
• If wait-on actually requires axios 0.x APIs that changed in 1.x, runtime errors could occur during e2e test setup (the cy:wait script uses wait-on)

Consider testing the cy:wait and e2e test flows after this change to ensure wait-on works correctly with axios 1.x.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 368, The package.json resolution adds "wait-on/axios":
"^1.15.2" while the project also depends on "axios": "^0.31.1", which can
produce two axios bundles or runtime mismatches for wait-on; either upgrade the
project's top-level "axios" to a compatible 1.x version or remove/adjust the
resolution and instead upgrade wait-on to a release that depends on axios 1.x,
then run the cy:wait script and full e2e test suite to verify wait-on works (or
add an explicit single-version override in package.json if using yarn/ npm
overrides) and ensure no runtime errors occur during test setup.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@package.json`:
- Line 368: The package.json resolution adds "wait-on/axios": "^1.15.2" while
the project also depends on "axios": "^0.31.1", which can produce two axios
bundles or runtime mismatches for wait-on; either upgrade the project's
top-level "axios" to a compatible 1.x version or remove/adjust the resolution
and instead upgrade wait-on to a release that depends on axios 1.x, then run the
cy:wait script and full e2e test suite to verify wait-on works (or add an
explicit single-version override in package.json if using yarn/ npm overrides)
and ensure no runtime errors occur during test setup.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a02ba1c0-a59a-4e8c-a523-9f5fb1606dce

📥 Commits

Reviewing files that changed from the base of the PR and between 4c8cf11 and 0441f91.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-05-08 19:54 UTC · Rule: Automatic strict merge
• ✅ Checks skipped · PR is already up-to-date
• ✅ Merged — 2026-05-08 19:54 UTC · at 889ecc084eca8b52ce3fdd3a09e4251e923f0625 · squash

This pull request spent 11 seconds in the queue, including 2 seconds running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • chore: patch wait-on/axios #4543
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • chore: patch wait-on/axios #4543
• #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • chore: patch wait-on/axios #4543
• branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • chore: patch wait-on/axios #4543
• any of [🛡 GitHub branch protection]:
  • check-success = Summary
  • check-neutral = Summary
  • check-skipped = Summary
• any of [🛡 GitHub branch protection]:
  • check-success = lint_test_build
  • check-neutral = lint_test_build
  • check-skipped = lint_test_build
• any of [🛡 GitHub branch protection]:
  • check-success = license/cla
  • check-neutral = license/cla
  • check-skipped = license/cla
• any of [🛡 GitHub branch protection]:
  • check-success = lint_pull_request
  • check-neutral = lint_pull_request
  • check-skipped = lint_pull_request