chore: update dependencies (Django, cryptography, axios, lodash) #8880

Merged: sriramveeraghanta merged 2 commits into preview from chore/update-dependencies on Apr 9, 2026
sriramveeraghanta (Member) commented Apr 9, 2026

Summary

  • Update Django 4.2.29 → 4.2.30
  • Update cryptography 46.0.6 → 46.0.7
  • Update axios 1.13.5 → 1.15.0
  • Update lodash 4.17.23 → 4.18.0

Test plan

  • Verify API server starts correctly with updated Django and cryptography
  • Verify frontend builds and runs with updated axios and lodash
  • Run existing test suites to check for regressions

Summary by CodeRabbit

  • Chores
    • Updated core dependencies to improve security, stability, and compatibility. Includes framework, cryptography, utility library, and HTTP client updates to ensure more reliable behavior and receive upstream fixes.

- Django 4.2.29 → 4.2.30
- cryptography 46.0.6 → 46.0.7
- axios 1.13.5 → 1.15.0
- lodash 4.17.23 → 4.18.0
Copilot AI review requested due to automatic review settings April 9, 2026 18:51
coderabbitai bot (Contributor) commented Apr 9, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d051213f-6394-43fd-995f-e57c15cb8ae4

📥 Commits

Reviewing files that changed from the base of the PR and between 7be10d2 and dc8625f.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • package.json
✅ Files skipped from review due to trivial changes (1)
  • package.json

📝 Walkthrough

Pinned dependency versions were updated in three config files: apps/api/requirements/base.txt (Django, cryptography), package.json (pnpm.overrides.lodash), and pnpm-workspace.yaml (axios). No source code or public API entities changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency files: apps/api/requirements/base.txt, package.json, pnpm-workspace.yaml | Bumped pinned versions: Django 4.2.29 → 4.2.30, cryptography 46.0.6 → 46.0.7, lodash override 4.17.23 → 4.18.1, and axios 1.13.5 → 1.15.0. No code or public API changes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 I hopped through manifests with cheer,
Bumped Django, lodash, axios near,
Cryptography got a tiny lift,
Versions polished—swift and spry,
A rabbit's update lullaby.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | The description is missing required template sections including Type of Change, Screenshots/Media, and detailed References, though it provides a test plan as an alternative. | Complete the pull request description by adding the Type of Change checklist (marking Improvement or other applicable types) and filling in missing template sections for consistency. |
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: updating multiple dependencies (Django, cryptography, axios, lodash) across the codebase. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


Copilot AI (Contributor) left a comment

Pull request overview

Updates core backend and frontend dependencies in the monorepo to pick up recent patch/minor releases.

Changes:

  • Bump API dependencies: Django 4.2.29 → 4.2.30 and cryptography 46.0.6 → 46.0.7.
  • Bump JS dependencies: axios 1.13.5 → 1.15.0 and update lockfile accordingly.
  • Change pnpm override to force lodash 4.18.0 across the workspace.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
|---|---|
| pnpm-workspace.yaml | Updates the shared catalog version for axios. |
| pnpm-lock.yaml | Applies axios/lodash resolution changes; updates transitive deps (e.g., proxy-from-env). |
| package.json | Updates pnpm override to force lodash 4.18.0 globally. |
| apps/api/requirements/base.txt | Bumps Django and cryptography pins for the API service. |
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

pushya22 previously approved these changes Apr 9, 2026

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/api/requirements/base.txt`:
- Line 4: The requirements pin currently lists "Django==4.2.30", which is EOL
for 4.2; update the dependency to a supported major (e.g. change the pin to
"Django>=5.2,<6.0" or the specific vetted 5.2.x release) and then run full
compatibility checks: run the test suite, check and update any deprecated
settings/views/middleware, run migrations in a staging env, and update any
dependent packages that require newer Django APIs before merging; ensure CI
passes and add a note to the changelog/upgrade plan documenting the change.

In `@package.json`:
- Line 65: Update the pinned lodash dependency in package.json from "4.18.0" to
a non-deprecated release (e.g., "4.18.1") or change the pin to a supported
version such as "4.17.21" or a semver range; locate the "lodash": "4.18.0" entry
in package.json and modify it accordingly, then run your dependency installer
(npm/yarn) and re-run tests to ensure nothing breaks.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ff04d2f8-25b4-45a8-bd04-6cef03833553

📥 Commits

Reviewing files that changed from the base of the PR and between c21d2c6 and 7be10d2.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • apps/api/requirements/base.txt
  • package.json
  • pnpm-workspace.yaml

sriramveeraghanta added the dependencies label (Pull requests that update a dependency file) Apr 9, 2026
sriramveeraghanta merged commit 39325d2 into preview Apr 9, 2026
13 checks passed
sriramveeraghanta deleted the chore/update-dependencies branch April 9, 2026 19:43
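
The Summary in this PR lists lodash 4.18.0 while the walkthrough reports the override at 4.18.1; the check below is an added example (not code from this PR or the project) that compares the versions a description declares against the pins in the three manifest types named in the thread. The manifest contents are constructed samples using versions quoted on this page, the `catalog:` layout is an assumption, and all function names are hypothetical.

```python
import json
import re

# Constructed manifest contents; versions are the ones quoted on this page.
REQUIREMENTS_TXT = "# constructed sample\nDjango==4.2.30\ncryptography==46.0.7\n"
PACKAGE_JSON = json.dumps({"pnpm": {"overrides": {"lodash": "4.18.1"}}})
PNPM_WORKSPACE_YAML = "packages:\n  - apps/*\n\ncatalog:\n  axios: 1.15.0\n"

# Target versions as listed in the PR description's Summary.
DECLARED = {"Django": "4.2.30", "cryptography": "46.0.7",
            "axios": "1.15.0", "lodash": "4.18.0"}


def requirements_pins(text):
    """Exact '==' pins from a pip requirements file."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9_.\-]+)\s*==\s*([^\s;]+)", line)
        if m:
            pins[m.group(1)] = m.group(2)
    return pins


def override_pins(text):
    """Entries under pnpm.overrides in package.json."""
    return dict(json.loads(text).get("pnpm", {}).get("overrides", {}))


def catalog_pins(text):
    """Entries of the top-level 'catalog:' map (minimal line parser, not full YAML)."""
    pins, in_catalog = {}, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            in_catalog = line.strip() == "catalog:"
        elif in_catalog:
            m = re.fullmatch(r"\s+['\"]?([^'\":\s]+)['\"]?:\s*['\"]?([^'\"\s]+)['\"]?", line)
            if m:
                pins[m.group(1)] = m.group(2)
    return pins


def pin_drift(declared, *pin_maps):
    """Map each declared package to (declared, actual) where the manifests disagree."""
    actual = {k: v for pins in pin_maps for k, v in pins.items()}
    return {n: (want, actual.get(n)) for n, want in declared.items() if actual.get(n) != want}
```

A non-empty result from `pin_drift` means the description and the merged manifests name different versions, which matters when the description is later used as the record of what was patched.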