Skip to content

Commit ba48e23

Browse files
lholmquistlholmquist
authored
chore(orchestator): multiple dependency updates for CVE fixes (#2773) (#2812)
* fix: ran yarn up -R ajv. fixes https://access.redhat.com/security/cve/cve-2025-69873 * fix: ran yarn up -R path-to-regexp fixes https://access.redhat.com/security/cve/CVE-2026-4926 * fix: ran yarn up -R lodash fixes: https://access.redhat.com/security/cve/CVE-2026-4800 * squash: add the changeset
1 parent 5d1dce2 commit ba48e23

6 files changed

Lines changed: 45 additions & 23 deletions

File tree

workspaces/orchestrator/.changeset/nervous-eels-mate.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
---
2+
'@red-hat-developer-hub/backstage-plugin-orchestrator-form-widgets': patch
3+
'@red-hat-developer-hub/backstage-plugin-orchestrator-form-react': patch
4+
'@red-hat-developer-hub/backstage-plugin-orchestrator-backend': patch
5+
'@red-hat-developer-hub/backstage-plugin-orchestrator': patch
6+
---
7+
8+
fix: updating lodash for cve fixes

workspaces/orchestrator/plugins/orchestrator-backend/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@
8383
"express-promise-router": "^4.1.1",
8484
"fs-extra": "^10.1.0",
8585
"isomorphic-git": "^1.23.0",
86-
"lodash": "^4.17.21",
86+
"lodash": "^4.18.1",
8787
"luxon": "^3.7.2",
8888
"openapi-backend": "^5.10.5",
8989
"yn": "^5.0.0"

workspaces/orchestrator/plugins/orchestrator-form-react/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@
4444
"@rjsf/validator-ajv8": "^5.21.2",
4545
"json-schema": "^0.4.0",
4646
"json-schema-library": "^9.0.0",
47-
"lodash": "^4.17.21",
47+
"lodash": "^4.18.1",
4848
"tss-react": "^4.9.18"
4949
},
5050
"peerDependencies": {

workspaces/orchestrator/plugins/orchestrator-form-widgets/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@
6262
"clsx": "^2.1.1",
6363
"json-schema": "^0.4.0",
6464
"jsonata": "^2.0.6",
65-
"lodash": "^4.17.21",
65+
"lodash": "^4.18.1",
6666
"react-use": "^17.2.4",
6767
"tss-react": "^4.9.18"
6868
},

workspaces/orchestrator/plugins/orchestrator/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@
6868
"axios": "^1.15.0",
6969
"json-schema": "^0.4.0",
7070
"json-schema-library": "^9.0.0",
71-
"lodash": "^4.17.21",
71+
"lodash": "^4.18.1",
7272
"luxon": "^3.7.2",
7373
"react-use": "^17.4.0",
7474
"swr": "^2.0.0",

workspaces/orchestrator/yarn.lock

Lines changed: 33 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -12464,7 +12464,7 @@ __metadata:
1246412464
express-promise-router: ^4.1.1
1246512465
fs-extra: ^10.1.0
1246612466
isomorphic-git: ^1.23.0
12467-
lodash: ^4.17.21
12467+
lodash: ^4.18.1
1246812468
luxon: ^3.7.2
1246912469
openapi-backend: ^5.10.5
1247012470
prettier: 3.8.1
@@ -12534,7 +12534,7 @@ __metadata:
1253412534
"@types/react": ^18.2.58
1253512535
json-schema: ^0.4.0
1253612536
json-schema-library: ^9.0.0
12537-
lodash: ^4.17.21
12537+
lodash: ^4.18.1
1253812538
prettier: 3.8.1
1253912539
react: ^16.13.1 || ^17.0.0 || ^18.0.0
1254012540
react-dom: ^16.13.1 || ^17.0.0 || ^18.0.0
@@ -12572,7 +12572,7 @@ __metadata:
1257212572
express: ^5.1.0
1257312573
json-schema: ^0.4.0
1257412574
jsonata: ^2.0.6
12575-
lodash: ^4.17.21
12575+
lodash: ^4.18.1
1257612576
msw: ^1.0.0
1257712577
react: ^18.0.0
1257812578
react-dom: ^18.0.0
@@ -12630,7 +12630,7 @@ __metadata:
1263012630
axios: ^1.15.0
1263112631
json-schema: ^0.4.0
1263212632
json-schema-library: ^9.0.0
12633-
lodash: ^4.17.21
12633+
lodash: ^4.18.1
1263412634
luxon: ^3.7.2
1263512635
prettier: 3.8.1
1263612636
react: ^18.0.0
@@ -17076,14 +17076,14 @@ __metadata:
1707617076
linkType: hard
1707717077

1707817078
"ajv@npm:^6.12.2, ajv@npm:^6.12.3, ajv@npm:^6.12.4, ajv@npm:^6.12.5":
17079-
version: 6.12.6
17080-
resolution: "ajv@npm:6.12.6"
17079+
version: 6.14.0
17080+
resolution: "ajv@npm:6.14.0"
1708117081
dependencies:
17082-
fast-deep-equal: ^3.1.1
17083-
fast-json-stable-stringify: ^2.0.0
17084-
json-schema-traverse: ^0.4.1
17085-
uri-js: ^4.2.2
17086-
checksum: 874972efe5c4202ab0a68379481fbd3d1b5d0a7bd6d3cc21d40d3536ebff3352a2a1fabb632d4fd2cc7fe4cbdcd5ed6782084c9bbf7f32a1536d18f9da5007d4
17082+
fast-deep-equal: "npm:^3.1.1"
17083+
fast-json-stable-stringify: "npm:^2.0.0"
17084+
json-schema-traverse: "npm:^0.4.1"
17085+
uri-js: "npm:^4.2.2"
17086+
checksum: 7bb3ea97bb8af52521589079f427e799b6561acaa94f50e13410cb87588c51df8db1afe1157b3e48f1a829269adaa11116e0c2cafe2b998add1523789809a3c5
1708717087
languageName: node
1708817088
linkType: hard
1708917089

@@ -27862,10 +27862,10 @@ __metadata:
2786227862
languageName: node
2786327863
linkType: hard
2786427864

27865-
"lodash@npm:^4.15.0, lodash@npm:^4.16.4, lodash@npm:^4.17.14, lodash@npm:^4.17.15, lodash@npm:^4.17.20, lodash@npm:^4.17.21, lodash@npm:^4.17.4, lodash@npm:~4.17.15, lodash@npm:~4.17.21":
27866-
version: 4.17.21
27867-
resolution: "lodash@npm:4.17.21"
27868-
checksum: eb835a2e51d381e561e508ce932ea50a8e5a68f4ebdd771ea240d3048244a8d13658acbd502cd4829768c56f2e16bdd4340b9ea141297d472517b83868e677f7
27865+
"lodash@npm:^4.15.0, lodash@npm:^4.16.4, lodash@npm:^4.17.14, lodash@npm:^4.17.15, lodash@npm:^4.17.20, lodash@npm:^4.17.21, lodash@npm:^4.17.4, lodash@npm:^4.18.1":
27866+
version: 4.18.1
27867+
resolution: "lodash@npm:4.18.1"
27868+
checksum: bb5f5b49aad29614e709af02b64c56b0f8b78c6a81434a3c1ae527d2f0f78ca08f9d9fb22aa825a053876c9d2166e9c01f31c356014b5e2bdc0556c057433102
2786927869
languageName: node
2787027870
linkType: hard
2787127871

@@ -27876,6 +27876,13 @@ __metadata:
2787627876
languageName: node
2787727877
linkType: hard
2787827878

27879+
"lodash@npm:~4.17.15, lodash@npm:~4.17.21":
27880+
version: 4.17.23
27881+
resolution: "lodash@npm:4.17.23"
27882+
checksum: 7daad39758a72872e94651630fbb54ba76868f904211089721a64516ce865506a759d9ad3d8ff22a2a49a50a09db5d27c36f22762d21766e47e3ba918d6d7bab
27883+
languageName: node
27884+
linkType: hard
27885+
2787927886
"log-symbols@npm:^4.1.0":
2788027887
version: 4.1.0
2788127888
resolution: "log-symbols@npm:4.1.0"
@@ -31005,7 +31012,7 @@ __metadata:
3100531012
languageName: node
3100631013
linkType: hard
3100731014

31008-
"path-to-regexp@npm:8.3.0, path-to-regexp@npm:^8.0.0, path-to-regexp@npm:^8.2.0":
31015+
"path-to-regexp@npm:8.3.0":
3100931016
version: 8.3.0
3101031017
resolution: "path-to-regexp@npm:8.3.0"
3101131018
checksum: 73e0d3db449f9899692b10be8480bbcfa294fd575be2d09bce3e63f2f708d1fccd3aaa8591709f8b82062c528df116e118ff9df8f5c52ccc4c2443a90be73e10
@@ -31019,10 +31026,17 @@ __metadata:
3101931026
languageName: node
3102031027
linkType: hard
3102131028

31029+
"path-to-regexp@npm:^8.0.0, path-to-regexp@npm:^8.2.0":
31030+
version: 8.4.2
31031+
resolution: "path-to-regexp@npm:8.4.2"
31032+
checksum: c30fba443e413cc736b7b28056a4b60b537ae1caa80152da21e8093bd41deba7c408a4ac6f11a1bf594e089d8fd8d87ed31476c55c50983719fb355826370ade
31033+
languageName: node
31034+
linkType: hard
31035+
3102231036
"path-to-regexp@npm:~0.1.12":
31023-
version: 0.1.12
31024-
resolution: "path-to-regexp@npm:0.1.12"
31025-
checksum: ab237858bee7b25ecd885189f175ab5b5161e7b712b360d44f5c4516b8d271da3e4bf7bf0a7b9153ecb04c7d90ce8ff5158614e1208819cf62bac2b08452722e
31037+
version: 0.1.13
31038+
resolution: "path-to-regexp@npm:0.1.13"
31039+
checksum: 0bf61c6068a0d92dbd3c2f4b24a9b8f153be2d8ec13c99bb7a45f31e5f7e153b91811e63b895ac9e0942ae16890ee15526e842f6f1b4920aa01335f94f6ce58e
3102631040
languageName: node
3102731041
linkType: hard
3102831042

0 commit comments

Comments
 (0)