Bump axios in UI packages to patched release

[arpitjain099]

Summary

• Bump axios in both UI packages from ^1.8.4 to ^1.16.0:
  • airflow-core/src/airflow/ui/package.json
  • airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/package.json
• Refresh lockfiles accordingly:
  • both pnpm-lock.yaml files
  • package-lock.json in simple auth UI

Why

Dependabot reports multiple open advisories on vulnerable axios ranges in these UI dependency manifests. Updating to a patched axios line addresses the shared vulnerability bucket across these locks.

Validation

• pnpm install --frozen-lockfile --ignore-scripts in airflow-core/src/airflow/ui
• pnpm install --frozen-lockfile --ignore-scripts in airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui
• npm ci --ignore-scripts --legacy-peer-deps in airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide
Here are some useful points:

• Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
• In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example Dag that shows how users should use it.
• Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
• Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
• Be sure to read the Airflow Coding style.
• Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
  Apache Airflow is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: dev@airflow.apache.org
  Slack: https://s.apache.org/airflow-slack

[venkatamandavilli-code]

Thanks for the update.

Since this change bumps axios to a patched version, have you validated if there are any behavioral changes impacting existing API calls, especially around error handling or interceptors?

It might also be helpful to confirm compatibility across different UI environments.

[bbovenzi]

Merge conflicts

[arpitjain099]

@bbovenzi rebased onto current main. On main today the simple-auth UI already pins axios@^1.16.0 (looks like that landed via another PR), so the only remaining change here is the bump in airflow-core/src/airflow/ui/package.json from ^1.15.2 to ^1.16.0 plus regenerated pnpm-lock.yaml. Conflicts cleared.

[boring-cyborg]

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

[choo121600]

Thanks for the contribution :)

[venkatamandavilli-code]

Thank you! I appreciate the review and support. Glad to contribute to the project.