fix(orchestrator): update axios dependencies (#2767) (#2810)

lholmquist · web-flow · commit 1bd539f22b12 · 2026-04-17T08:20:49.000-04:00
diff --git a/workspaces/orchestrator/.changeset/lucky-cars-study.md b/workspaces/orchestrator/.changeset/lucky-cars-study.md
@@ -0,0 +1,7 @@
+---
+'@red-hat-developer-hub/backstage-plugin-scaffolder-backend-module-orchestrator': patch
+'@red-hat-developer-hub/backstage-plugin-orchestrator-common': patch
+'@red-hat-developer-hub/backstage-plugin-orchestrator': patch
+---
+
+fix: update axios for CVE-2026-40175
diff --git a/workspaces/orchestrator/plugins/orchestrator-common/package.json b/workspaces/orchestrator/plugins/orchestrator-common/package.json
@@ -58,7 +58,7 @@
     "@backstage/plugin-permission-common": "^0.9.3",
     "@backstage/types": "^1.2.2",
     "@serverlessworkflow/sdk-typescript": "^0.8.4",
-    "axios": "^1.11.0",
+    "axios": "^1.15.0",
     "js-yaml": "^4.1.0"
   },
   "devDependencies": {
diff --git a/workspaces/orchestrator/plugins/orchestrator/package.json b/workspaces/orchestrator/plugins/orchestrator/package.json
@@ -65,7 +65,7 @@
     "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^",
     "@red-hat-developer-hub/backstage-plugin-orchestrator-form-api": "workspace:^",
     "@red-hat-developer-hub/backstage-plugin-orchestrator-form-react": "workspace:^",
-    "axios": "^1.11.0",
+    "axios": "^1.15.0",
     "json-schema": "^0.4.0",
     "json-schema-library": "^9.0.0",
     "lodash": "^4.17.21",
diff --git a/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json b/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json
@@ -61,7 +61,7 @@
     "@backstage/plugin-scaffolder-node": "^0.12.1",
     "@backstage/types": "^1.2.2",
     "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^",
-    "axios": "^1.11.0",
+    "axios": "^1.15.0",
     "js-yaml": "^4.1.0"
   },
   "devDependencies": {
diff --git a/workspaces/orchestrator/yarn.lock b/workspaces/orchestrator/yarn.lock
@@ -12486,7 +12486,7 @@ __metadata:
     "@serverlessworkflow/sdk-typescript": ^0.8.4
     "@types/js-yaml": ^4.0.0
     "@types/json-schema": 7.0.15
-    axios: ^1.11.0
+    axios: ^1.15.0
     js-yaml: ^4.1.0
     js-yaml-cli: ^0.6.0
   languageName: unknown
@@ -12627,7 +12627,7 @@ __metadata:
     "@types/react": ^18.2.58
     "@types/react-dom": ^18.2.19
     "@types/uuid": ^9.0.0
-    axios: ^1.11.0
+    axios: ^1.15.0
     json-schema: ^0.4.0
     json-schema-library: ^9.0.0
     lodash: ^4.17.21
@@ -12665,7 +12665,7 @@ __metadata:
     "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^"
     "@spotify/prettier-config": ^15.0.0
     "@types/js-yaml": ^4.0.0
-    axios: ^1.11.0
+    axios: ^1.15.0
     js-yaml: ^4.1.0
   languageName: unknown
   linkType: soft
@@ -17812,7 +17812,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:1.13.2, axios@npm:^1.0.0, axios@npm:^1.11.0, axios@npm:^1.12.2, axios@npm:^1.7.4":
+"axios@npm:1.13.2":
   version: 1.13.2
   resolution: "axios@npm:1.13.2"
   dependencies:
@@ -17823,6 +17823,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"axios@npm:^1.0.0, axios@npm:^1.12.2, axios@npm:^1.15.0, axios@npm:^1.7.4":
+  version: 1.15.0
+  resolution: "axios@npm:1.15.0"
+  dependencies:
+    follow-redirects: "npm:^1.15.11"
+    form-data: "npm:^4.0.5"
+    proxy-from-env: "npm:^2.1.0"
+  checksum: 95a8455554867a083ab3772fcadba42a22ec4bb546dccc66011556d837a07e544ae006675a30a5c43453f3e37e7c0982e934cec482c06b75abead2a2c157448a
+  languageName: node
+  linkType: hard
+
 "axobject-query@npm:^4.1.0":
   version: 4.1.0
   resolution: "axobject-query@npm:4.1.0"
@@ -23224,13 +23235,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.6":
-  version: 1.15.9
-  resolution: "follow-redirects@npm:1.15.9"
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11, follow-redirects@npm:^1.15.6":
+  version: 1.16.0
+  resolution: "follow-redirects@npm:1.16.0"
   peerDependenciesMeta:
     debug:
       optional: true
-  checksum: 859e2bacc7a54506f2bf9aacb10d165df78c8c1b0ceb8023f966621b233717dab56e8d08baadc3ad3b9db58af290413d585c999694b7c146aaf2616340c3d2a6
+  checksum: e90dce4607b1f6b8b9883287f912585573c19088209ad82341d550a795b4ba514522b73b1b340cf618279df27975cd46504d09149be60291ba6767384c1fd8f8
   languageName: node
   linkType: hard
 
@@ -23346,16 +23357,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"form-data@npm:^4.0.0, form-data@npm:^4.0.1, form-data@npm:^4.0.4":
-  version: 4.0.4
-  resolution: "form-data@npm:4.0.4"
+"form-data@npm:^4.0.0, form-data@npm:^4.0.1, form-data@npm:^4.0.4, form-data@npm:^4.0.5":
+  version: 4.0.5
+  resolution: "form-data@npm:4.0.5"
   dependencies:
     asynckit: ^0.4.0
     combined-stream: ^1.0.8
     es-set-tostringtag: ^2.1.0
     hasown: ^2.0.2
     mime-types: ^2.1.12
-  checksum: 9b7788836df9fa5a6999e0c02515b001946b2a868cfe53f026c69e2c537a2ff9fbfb8e9d2b678744628f3dc7a2d6e14e4e45dfaf68aa6239727f0bdb8ce0abf2
+  checksum: af8328413c16d0cded5fccc975a44d227c5120fd46a9e81de8acf619d43ed838414cc6d7792195b30b248f76a65246949a129a4dadd148721948f90cd6d4fb69
   languageName: node
   linkType: hard
 
@@ -32108,6 +32119,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"proxy-from-env@npm:^2.1.0":
+  version: 2.1.0
+  resolution: "proxy-from-env@npm:2.1.0"
+  checksum: b106ad790f26d47ba4791af3fe8cba5c8d35d85020119c82c05b413eb11b3ab97d2393ecaed51bca97c2788fa256408283dfeb4d970b2ebcae6702310f064e7e
+  languageName: node
+  linkType: hard
+
 "pseudomap@npm:^1.0.2":
   version: 1.0.2
   resolution: "pseudomap@npm:1.0.2"
