
security: fix all critical vuln dependency reports#7645

Merged
bijin-bruno merged 5 commits into usebruno:main from sid-bruno:fix/critical-deps-1-apr
Apr 1, 2026

Conversation

@sid-bruno
Collaborator

@sid-bruno sid-bruno commented Apr 1, 2026

Description

  • App Starts
  • CLI Tests running

Contribution Checklist:

  • I've used AI significantly to create this pull request
  • The pull request only addresses one issue or adds one feature.
  • The pull request does not introduce any breaking changes
  • I have added screenshots or gifs to help explain the change if applicable.
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.

Publishing to New Package Managers

Please see here for more information.

Copilot AI review requested due to automatic review settings April 1, 2026 10:04
@coderabbitai
Contributor

coderabbitai bot commented Apr 1, 2026

Walkthrough

This PR updates dependencies across 6 packages in the monorepo: pinning form-data to 4.0.4, updating graphql-request to 4.2.0, bumping aws4-axios to ^3.3.15, and upgrading rollup to 3.30.0 while removing dependency override sections.

Changes

Cohort / File(s) / Summary

form-data pinning
Files: packages/bruno-app/package.json, packages/bruno-cli/package.json, packages/bruno-common/package.json, packages/bruno-electron/package.json
Summary: Pinned form-data to fixed version 4.0.4 (from ^4.0.0) across multiple packages for consistency.

graphql-request major upgrade
Files: packages/bruno-app/package.json
Summary: Updated graphql-request from ^3.7.0 to pinned 4.2.0, introducing a major version change.

aws4-axios patch bump
Files: packages/bruno-cli/package.json, packages/bruno-electron/package.json
Summary: Updated aws4-axios from ^3.3.0 to ^3.3.15 in dependency and cli packages.

rollup minor upgrade & override removal
Files: packages/bruno-graphql-docs/package.json, packages/bruno-query/package.json
Summary: Updated rollup devDependency to 3.30.0 and removed overrides sections that previously constrained the version.

rsbuild plugin pinning
Files: packages/bruno-app/package.json
Summary: Pinned @rsbuild/plugin-node-polyfill from ^1.2.0 to 1.2.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested labels

size/M

Suggested reviewers

  • helloanoop
  • lohit-bruno
  • naman-bruno
  • bijin-bruno

Poem

🔧 Dependencies updated, versions pinned tight,
Form-data harmonized across the night,
Graphql-request upgraded, rollup set free,
From override constraints to clarity! 📦✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name / Status / Explanation
Title check: ✅ Passed. The title 'security: fix all critical vuln dependency reports' directly aligns with the PR's main objective to address critical vulnerability reports in project dependencies across multiple package.json files.
Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.


Contributor

Copilot AI left a comment


Pull request overview

Updates dependency versions across multiple workspaces to address security/vulnerability reports and align packages with the repo’s pinned tooling versions.

Changes:

  • Bump Rollup to 3.30.0 in bruno-query and bruno-graphql-docs, and remove now-redundant per-package Rollup overrides.
  • Update aws4-axios to ^3.3.15 and pin form-data to 4.0.4 in the CLI/Electron/common packages.
  • Update graphql-request to 4.2.0 and pin @rsbuild/plugin-node-polyfill to 1.2.0 in the app workspace.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
packages/bruno-query/package.json Update Rollup to 3.30.0; remove Rollup override block.
packages/bruno-graphql-docs/package.json Update Rollup to 3.30.0; remove Rollup override block.
packages/bruno-electron/package.json Update aws4-axios and pin form-data to 4.0.4.
packages/bruno-common/package.json Pin form-data to 4.0.4.
packages/bruno-cli/package.json Update aws4-axios and pin form-data to 4.0.4.
packages/bruno-app/package.json Update graphql-request to 4.2.0; pin @rsbuild/plugin-node-polyfill to 1.2.0.

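Both reviews above summarize the package.json bumps, while the commit log on this PR also mentions a stale aws entry in the lock file: a range raised in package.json fixes nothing until the lockfile's resolved version follows it. As an added example (not code from the Bruno project), the check below compares declared ranges against a package-lock.json v2/v3 `packages` map and reports entries that no longer satisfy them; the sample data is constructed and only reuses the version strings named on this page.

```javascript
// Added example: detect lockfile entries that do not satisfy the ranges
// declared in package.json (the "stale aws in lock" failure mode).
// Sample package.json / lock data below is constructed for illustration.

function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

// Negative, zero or positive like a comparator for exact x.y.z versions.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  return (pa.major - pb.major) || (pa.minor - pb.minor) || (pa.patch - pb.patch);
}

// Supports exact pins ("4.0.4") and caret ranges ("^3.3.15"). Caret on a
// 0.x major is simplified here (real semver locks the minor); other range
// syntaxes are rejected so they are not silently treated as satisfied.
function satisfies(range, version) {
  if (range.startsWith('^')) {
    const min = range.slice(1);
    return parseVersion(version).major === parseVersion(min).major &&
      compareVersions(version, min) >= 0;
  }
  if (/^\d+\.\d+\.\d+$/.test(range)) return range === version;
  throw new Error(`unsupported range syntax: ${range}`);
}

// Walk dependencies and devDependencies; lock entries are keyed by
// "node_modules/<name>" in lockfileVersion 2 and 3.
function findStaleLockEntries(pkgJson, lockJson) {
  const declared = { ...(pkgJson.dependencies || {}), ...(pkgJson.devDependencies || {}) };
  const stale = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = lockJson.packages[`node_modules/${name}`];
    if (!entry) { stale.push({ name, range, locked: null, reason: 'missing from lock' }); continue; }
    if (!satisfies(range, entry.version)) {
      stale.push({ name, range, locked: entry.version, reason: 'lock does not satisfy range' });
    }
  }
  return stale;
}

// Constructed sample: package.json was bumped, lock still resolves old versions.
const samplePkg = { dependencies: { 'form-data': '4.0.4', 'aws4-axios': '^3.3.15', 'graphql-request': '4.2.0' } };
const sampleLock = { packages: {
  'node_modules/form-data': { version: '4.0.4' },
  'node_modules/aws4-axios': { version: '3.3.0' },
  'node_modules/graphql-request': { version: '3.7.0' },
} };
console.log(findStaleLockEntries(samplePkg, sampleLock)); // two stale entries
```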

@bijin-bruno bijin-bruno merged commit 9e89255 into usebruno:main Apr 1, 2026
12 checks passed
lohit-bruno pushed a commit to lohit-bruno/bruno that referenced this pull request Apr 1, 2026
* chore: remove form-data vuln

* chore: stale aws in lock

* chore: other critical vulns

* chore: correct deps
