Skip to content

Commit f96e4f2

Browse files
lholmquistlholmquist
authored
chore(orchestator): multiple dependency updates for CVE fixes (#2773)
* fix: ran yarn up -R ajv. fixes https://access.redhat.com/security/cve/cve-2025-69873 * fix: ran yarn up -R path-to-regexp fixes https://access.redhat.com/security/cve/CVE-2026-4926 * fix: ran yarn up -R lodash fixes: https://access.redhat.com/security/cve/CVE-2026-4800 * squash: add the changeset
1 parent d8c241a commit f96e4f2

6 files changed

Lines changed: 41 additions & 19 deletions

File tree

workspaces/orchestrator/.changeset/nervous-eels-mate.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
---
2+
'@red-hat-developer-hub/backstage-plugin-orchestrator-form-widgets': patch
3+
'@red-hat-developer-hub/backstage-plugin-orchestrator-form-react': patch
4+
'@red-hat-developer-hub/backstage-plugin-orchestrator-backend': patch
5+
'@red-hat-developer-hub/backstage-plugin-orchestrator': patch
6+
---
7+
8+
fix: updating lodash for cve fixes

workspaces/orchestrator/plugins/orchestrator-backend/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@
8383
"express-promise-router": "^4.1.1",
8484
"fs-extra": "^10.1.0",
8585
"isomorphic-git": "^1.23.0",
86-
"lodash": "^4.17.21",
86+
"lodash": "^4.18.1",
8787
"luxon": "^3.7.2",
8888
"openapi-backend": "^5.10.5",
8989
"yn": "^5.0.0"

workspaces/orchestrator/plugins/orchestrator-form-react/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@
4444
"@rjsf/validator-ajv8": "^5.21.2",
4545
"json-schema": "^0.4.0",
4646
"json-schema-library": "^9.0.0",
47-
"lodash": "^4.17.21",
47+
"lodash": "^4.18.1",
4848
"tss-react": "^4.9.18"
4949
},
5050
"peerDependencies": {

workspaces/orchestrator/plugins/orchestrator-form-widgets/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@
7777
"clsx": "^2.1.1",
7878
"json-schema": "^0.4.0",
7979
"jsonata": "^2.0.6",
80-
"lodash": "^4.17.21",
80+
"lodash": "^4.18.1",
8181
"react-use": "^17.2.4",
8282
"tss-react": "^4.9.18"
8383
},

workspaces/orchestrator/plugins/orchestrator/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@
8484
"axios": "^1.15.0",
8585
"json-schema": "^0.4.0",
8686
"json-schema-library": "^9.0.0",
87-
"lodash": "^4.17.21",
87+
"lodash": "^4.18.1",
8888
"luxon": "^3.7.2",
8989
"react-use": "^17.4.0",
9090
"swr": "^2.0.0",

workspaces/orchestrator/yarn.lock

Lines changed: 29 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -12732,7 +12732,7 @@ __metadata:
1273212732
express-promise-router: "npm:^4.1.1"
1273312733
fs-extra: "npm:^10.1.0"
1273412734
isomorphic-git: "npm:^1.23.0"
12735-
lodash: "npm:^4.17.21"
12735+
lodash: "npm:^4.18.1"
1273612736
luxon: "npm:^3.7.2"
1273712737
openapi-backend: "npm:^5.10.5"
1273812738
prettier: "npm:3.8.1"
@@ -12803,7 +12803,7 @@ __metadata:
1280312803
"@types/react": "npm:^18.2.58"
1280412804
json-schema: "npm:^0.4.0"
1280512805
json-schema-library: "npm:^9.0.0"
12806-
lodash: "npm:^4.17.21"
12806+
lodash: "npm:^4.18.1"
1280712807
prettier: "npm:3.8.1"
1280812808
react: "npm:^16.13.1 || ^17.0.0 || ^18.0.0"
1280912809
react-dom: "npm:^16.13.1 || ^17.0.0 || ^18.0.0"
@@ -12843,7 +12843,7 @@ __metadata:
1284312843
express: "npm:^5.1.0"
1284412844
json-schema: "npm:^0.4.0"
1284512845
jsonata: "npm:^2.0.6"
12846-
lodash: "npm:^4.17.21"
12846+
lodash: "npm:^4.18.1"
1284712847
msw: "npm:^1.0.0"
1284812848
react: "npm:^18.0.0"
1284912849
react-dom: "npm:^18.0.0"
@@ -12909,7 +12909,7 @@ __metadata:
1290912909
axios: "npm:^1.15.0"
1291012910
json-schema: "npm:^0.4.0"
1291112911
json-schema-library: "npm:^9.0.0"
12912-
lodash: "npm:^4.17.21"
12912+
lodash: "npm:^4.18.1"
1291312913
luxon: "npm:^3.7.2"
1291412914
prettier: "npm:3.8.1"
1291512915
react: "npm:^18.0.0"
@@ -17324,14 +17324,14 @@ __metadata:
1732417324
linkType: hard
1732517325

1732617326
"ajv@npm:^6.12.2, ajv@npm:^6.12.3, ajv@npm:^6.12.4, ajv@npm:^6.12.5":
17327-
version: 6.12.6
17328-
resolution: "ajv@npm:6.12.6"
17327+
version: 6.14.0
17328+
resolution: "ajv@npm:6.14.0"
1732917329
dependencies:
1733017330
fast-deep-equal: "npm:^3.1.1"
1733117331
fast-json-stable-stringify: "npm:^2.0.0"
1733217332
json-schema-traverse: "npm:^0.4.1"
1733317333
uri-js: "npm:^4.2.2"
17334-
checksum: 10c0/41e23642cbe545889245b9d2a45854ebba51cda6c778ebced9649420d9205f2efb39cb43dbc41e358409223b1ea43303ae4839db682c848b891e4811da1a5a71
17334+
checksum: 10c0/a2bc39b0555dc9802c899f86990eb8eed6e366cddbf65be43d5aa7e4f3c4e1a199d5460fd7ca4fb3d864000dbbc049253b72faa83b3b30e641ca52cb29a68c22
1733517335
languageName: node
1733617336
linkType: hard
1733717337

@@ -27460,10 +27460,10 @@ __metadata:
2746027460
languageName: node
2746127461
linkType: hard
2746227462

27463-
"lodash@npm:^4.15.0, lodash@npm:^4.16.4, lodash@npm:^4.17.14, lodash@npm:^4.17.15, lodash@npm:^4.17.20, lodash@npm:^4.17.21, lodash@npm:^4.17.4, lodash@npm:~4.17.21, lodash@npm:~4.17.23":
27464-
version: 4.17.23
27465-
resolution: "lodash@npm:4.17.23"
27466-
checksum: 10c0/1264a90469f5bb95d4739c43eb6277d15b6d9e186df4ac68c3620443160fc669e2f14c11e7d8b2ccf078b81d06147c01a8ccced9aab9f9f63d50dcf8cace6bf6
27463+
"lodash@npm:^4.15.0, lodash@npm:^4.16.4, lodash@npm:^4.17.14, lodash@npm:^4.17.15, lodash@npm:^4.17.20, lodash@npm:^4.17.21, lodash@npm:^4.17.4, lodash@npm:^4.18.1":
27464+
version: 4.18.1
27465+
resolution: "lodash@npm:4.18.1"
27466+
checksum: 10c0/757228fc68805c59789e82185135cf85f05d0b2d3d54631d680ca79ec21944ec8314d4533639a14b8bcfbd97a517e78960933041a5af17ecb693ec6eecb99a27
2746727467
languageName: node
2746827468
linkType: hard
2746927469

@@ -27474,6 +27474,13 @@ __metadata:
2747427474
languageName: node
2747527475
linkType: hard
2747627476

27477+
"lodash@npm:~4.17.21, lodash@npm:~4.17.23":
27478+
version: 4.17.23
27479+
resolution: "lodash@npm:4.17.23"
27480+
checksum: 10c0/1264a90469f5bb95d4739c43eb6277d15b6d9e186df4ac68c3620443160fc669e2f14c11e7d8b2ccf078b81d06147c01a8ccced9aab9f9f63d50dcf8cace6bf6
27481+
languageName: node
27482+
linkType: hard
27483+
2747727484
"log-symbols@npm:^4.1.0":
2747827485
version: 4.1.0
2747927486
resolution: "log-symbols@npm:4.1.0"
@@ -30604,7 +30611,7 @@ __metadata:
3060430611
languageName: node
3060530612
linkType: hard
3060630613

30607-
"path-to-regexp@npm:8.3.0, path-to-regexp@npm:^8.0.0, path-to-regexp@npm:^8.2.0":
30614+
"path-to-regexp@npm:8.3.0":
3060830615
version: 8.3.0
3060930616
resolution: "path-to-regexp@npm:8.3.0"
3061030617
checksum: 10c0/ee1544a73a3f294a97a4c663b0ce71bbf1621d732d80c9c9ed201b3e911a86cb628ebad691b9d40f40a3742fe22011e5a059d8eed2cf63ec2cb94f6fb4efe67c
@@ -30618,10 +30625,17 @@ __metadata:
3061830625
languageName: node
3061930626
linkType: hard
3062030627

30628+
"path-to-regexp@npm:^8.0.0, path-to-regexp@npm:^8.2.0":
30629+
version: 8.4.2
30630+
resolution: "path-to-regexp@npm:8.4.2"
30631+
checksum: 10c0/05b115c49b47ad252ce05faa32930f643f23769c68b8bcfe78ad833545140c48bbffb3266986d6c8d5db13a64cf12e07e0d72d9882cab830efeefa553533ebaf
30632+
languageName: node
30633+
linkType: hard
30634+
3062130635
"path-to-regexp@npm:~0.1.12":
30622-
version: 0.1.12
30623-
resolution: "path-to-regexp@npm:0.1.12"
30624-
checksum: 10c0/1c6ff10ca169b773f3bba943bbc6a07182e332464704572962d277b900aeee81ac6aa5d060ff9e01149636c30b1f63af6e69dd7786ba6e0ddb39d4dee1f0645b
30636+
version: 0.1.13
30637+
resolution: "path-to-regexp@npm:0.1.13"
30638+
checksum: 10c0/1cae3921739c154a8926e136185a10c916f79a249b9072a5001b266d96e193860ca03867e8e8cc808b786862d750f427ed93686bc259355442c3407a62deab1a
3062530639
languageName: node
3062630640
linkType: hard
3062730641

0 commit comments

Comments
 (0)