feat(deps): Upgrade blueprint-web to 12.93.4-BUIE

[jfox-box]

BUIE needs to be updated to this suffixed version of blueprint to avoid CSS issues.

Summary by CodeRabbit

• Chores
  • Updated blueprint web package dependencies to latest compatible versions.

[coderabbitai]

Walkthrough

Updates dependency and peerDependency versions in package.json for two Box blueprint packages: @box/blueprint-web from ^12.92.3 to ^12.93.4-BUIE and @box/blueprint-web-assets from ^4.76.5 to ^4.78.4.

Changes

Cohort / File(s)	Summary
Dependency version updates package.json	Updated @box/blueprint-web to ^12.93.4-BUIE and @box/blueprint-web-assets to ^4.78.4 in both dependencies and peerDependencies sections

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Verify version compatibility between @box/blueprint-web and @box/blueprint-web-assets
• Confirm the pre-release version @box/blueprint-web@^12.93.4-BUIE is intentional
• Check if related code updates are needed for the icon export changes mentioned in related PRs

Possibly related PRs

• feat(metadata-view): update blueprint web version #4288: Updates the same blueprint packages and adapts code to renamed icon exports that accompany the version bumps.
• chore: Upgrade blueprint-web to v12.78.0 #4319: Directly modifies the same package.json dependency entries for these two blueprint packages.
• feat(deps): upgrade package dependencies #4359: Further updates the same package.json dependency and peerDependency versions.

Suggested labels

ready-to-merge

Suggested reviewers

• tjuanitas
• jpan-box

Poem

🐰 A blueprint bump, a version rise,
Two packages dance before our eyes,
From twelve to thirteen, four to eight,
Dependencies aligned, collaboration's fate! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description provides a brief explanation of why the update is needed (CSS issues), but lacks structured sections matching the template format with detailed change descriptions or testing information.	Consider adding more structured details about what CSS issues are being resolved and any testing performed to validate the changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title directly matches the main change: updating blueprint-web to version 12.93.4-BUIE. It is concise, specific, and clearly summarizes the primary change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch upgrade-bp-12.93.4-BUIE

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

package.json (1)

127-127: Consider whether exact pinning is appropriate for the -BUIE suffixed version.

The ^12.93.4-BUIE constraint uses a caret, which normally allows patch updates. However, if the -BUIE suffix represents a specific release to resolve CSS issues (per the PR description), you may want to consider whether exact pinning (12.93.4-BUIE without the ^) would be more appropriate to avoid unexpected version changes.

If you want stricter control:

-        "@box/blueprint-web": "^12.93.4-BUIE",
+        "@box/blueprint-web": "12.93.4-BUIE",

Also applies to: 299-299

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4851c37 and d82f063.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: tjuanitas
Repo: box/box-ui-elements PR: 4224
File: package.json:296-297
Timestamp: 2025-08-12T18:04:17.698Z
Learning: In the box-ui-elements project, the team is comfortable with raising peerDependency minimum versions when upgrading blueprint-web packages, even if it's a breaking change for consumers.

📚 Learning: 2025-08-12T18:04:17.698Z

Learnt from: tjuanitas
Repo: box/box-ui-elements PR: 4224
File: package.json:296-297
Timestamp: 2025-08-12T18:04:17.698Z
Learning: In the box-ui-elements project, the team is comfortable with raising peerDependency minimum versions when upgrading blueprint-web packages, even if it's a breaking change for consumers.

Applied to files:

• package.json

📚 Learning: 2025-08-21T19:19:44.584Z

Learnt from: jpan-box
Repo: box/box-ui-elements PR: 4237
File: src/api/ZipDownload.ts:6-8
Timestamp: 2025-08-21T19:19:44.584Z
Learning: For Box TypeScript SDK integrations, jpan-box prefers deep imports (e.g., from box-typescript-sdk-gen/lib/schemas/...generated.d.ts.js) over defining local types, citing that Box v2 APIs don't typically have breaking changes, making the deep import approach more viable despite potential brittleness.

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: lint_test_build
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Summary

🔇 Additional comments (1)

package.json (1)

127-128: Consistent dependency updates across devDependencies and peerDependencies.

The changes update both @box/blueprint-web and @box/blueprint-web-assets consistently in both sections, maintaining alignment between development and peer dependencies. This is good practice and aligns with the team's approach from prior PRs regarding blueprint-web version updates.

Based on learnings from prior Box UI Elements PRs, the team is comfortable with raising peerDependency minimum versions when upgrading blueprint packages.

Also applies to: 299-300

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify both updated package versions exist on npm registry.

The changes update @box/blueprint-web and @box/blueprint-web-assets consistently across both dependencies and peerDependencies, which is good. However, the -BUIE suffix on the blueprint-web version is non-standard, and web search results suggest @box/blueprint-web-assets 4.78.4 may not exist (latest shown: 4.42.1).

Also applies to: 299-300

---

🏁 Script executed:

#!/bin/bash
# Verify the specified package versions exist on npm

echo "Checking @box/blueprint-web versions..."
npm view @box/blueprint-web@12.93.4-BUIE version 2>&1

echo ""
echo "Checking @box/blueprint-web-assets versions..."
npm view @box/blueprint-web-assets@4.78.4 version 2>&1

echo ""
echo "Checking latest versions available..."
npm view @box/blueprint-web@latest version
npm view @box/blueprint-web-assets@latest version

Length of output: 546

---

---

🏁 Script executed:

#!/bin/bash
# Check for npm registry configuration and custom build setup

echo "=== Checking for .npmrc configuration ==="
if [ -f .npmrc ]; then
  cat .npmrc
else
  echo "No .npmrc file found"
fi

echo ""
echo "=== Checking package.json for npm registry config ==="
rg -A 5 '"registry"' package.json 2>/dev/null || echo "No registry config in package.json"

echo ""
echo "=== Searching for BUIE version references ==="
rg -r "BUIE|12\.93\.4" --type=json --type=md . 2>/dev/null | head -20

echo ""
echo "=== Checking for .npmrc.example or similar ==="
fd -i "npmrc" . 2>/dev/null

echo ""
echo "=== Checking package.json scripts for custom build ==="
jq '.scripts' package.json 2>/dev/null | grep -i "build\|publish\|version" || echo "No relevant scripts"

Length of output: 11675

---

---

🏁 Script executed:

#!/bin/bash
# Get exact content of package.json lines around the changed versions

echo "=== Lines 120-135 of package.json ==="
sed -n '120,135p' package.json

echo ""
echo "=== Lines 295-305 of package.json ==="
sed -n '295,305p' package.json

echo ""
echo "=== Check if yarn.lock or package-lock.json exists ==="
if [ -f yarn.lock ]; then
  echo "yarn.lock found - searching for blueprint-web versions..."
  grep -A 2 "@box/blueprint-web" yarn.lock | head -20
fi

if [ -f package-lock.json ]; then
  echo "package-lock.json found - searching for blueprint-web versions..."
  grep -A 2 "@box/blueprint-web" package-lock.json | head -20
fi

Length of output: 2110

---

Remove or clarify the non-standard -BUIE suffix in @box/blueprint-web version spec.

The package.json specifies @box/blueprint-web@^12.93.4-BUIE, but yarn.lock shows it resolves to 12.93.4 (without the suffix) from the public npm registry. The -BUIE suffix doesn't prevent installation but creates a misleading version spec that doesn't match what actually gets installed.

Either: (1) use ^12.93.4 if the intent is the standard version, or (2) if -BUIE represents a custom build, ensure that exact version is published and resolvable. The @box/blueprint-web-assets@^4.78.4 version is correctly specified and resolves as expected.

🤖 Prompt for AI Agents

In package.json around lines 127 to 128, the dependency "@box/blueprint-web":
"^12.93.4-BUIE" uses a non-standard "-BUIE" suffix that does not match the
resolved version in yarn.lock (12.93.4); either remove the suffix and change the
spec to "^12.93.4" or, if "-BUIE" denotes a custom build, publish that exact
semver tag to a registry and update package.json to point to the resolvable
package (or use a cid/git/registry URL that resolves to the custom build) so the
declared version matches what actually installs.

[jfox-box]

No longer needed, upgrading to 12.93.5

[tjuanitas]

no