chore(SEC-10810): upgrade axios to 0.30.3

[phantom-autopilot]

Summary

• Pin transitive axios to 0.30.3 via Yarn resolutions to address GHSA-43fc-jf86-j433 (CVE-2026-25639) — Denial of Service via __proto__ key in mergeConfig (vulnerable range <= 0.30.2).
• axios is only a transitive dev dependency (appium/selenium); locked copies were 0.19.2 and 0.28.0 — both now resolve to 0.30.3.

Linear

• SEC-10810

Test plan

• yarn install regenerates yarn.lock with single axios entry at 0.30.3
• yarn list --pattern axios reports only axios@0.30.3
• yarn lint (tsc --noEmit + eslint) passes
• CodeRabbit local review clean (no actionable code findings)

🤖 Generated with Claude Code

Summary by CodeRabbit

Chores

• Updated axios dependency resolution to version 0.30.3.

[phantom-autopilot]

PR opened by agent

#44

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2b3c2ced-fbc8-4c41-a1b4-38198012f674

📥 Commits

Reviewing files that changed from the base of the PR and between 413d5ea and 71ecaca.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

---

📝 Walkthrough

Walkthrough

The pull request adds a dependency resolution override to package.json, pinning the axios package to version 0.30.3. This constrains axios across all direct and transitive dependencies in the project to the specified version.

Changes

Dependency Management

Layer / File(s)	Summary
Axios Version Resolution package.json	A resolutions block is added to pin axios to version 0.30.3, overriding any other declared versions of that dependency.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding a Yarn resolutions entry to upgrade axios to 0.30.3 to address a security vulnerability, as described in the PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch autopilot2/sec-10810_high-upgrade-axios-in-github-com-phantom-react-native-webvie

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}