diff --git a/workspaces/orchestrator/.changeset/lucky-cars-study.md b/workspaces/orchestrator/.changeset/lucky-cars-study.md new file mode 100644 index 0000000000..52929b9934 --- /dev/null +++ b/workspaces/orchestrator/.changeset/lucky-cars-study.md @@ -0,0 +1,7 @@ +--- +'@red-hat-developer-hub/backstage-plugin-scaffolder-backend-module-orchestrator': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-common': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator': patch +--- + +fix: update axios for CVE-2026-40175 diff --git a/workspaces/orchestrator/plugins/orchestrator-common/package.json b/workspaces/orchestrator/plugins/orchestrator-common/package.json index 6dd07d498b..685dc07b58 100644 --- a/workspaces/orchestrator/plugins/orchestrator-common/package.json +++ b/workspaces/orchestrator/plugins/orchestrator-common/package.json @@ -58,7 +58,7 @@ "@backstage/plugin-permission-common": "^0.9.3", "@backstage/types": "^1.2.2", "@serverlessworkflow/sdk-typescript": "^0.8.4", - "axios": "^1.11.0", + "axios": "^1.15.0", "js-yaml": "^4.1.0" }, "devDependencies": { diff --git a/workspaces/orchestrator/plugins/orchestrator/package.json b/workspaces/orchestrator/plugins/orchestrator/package.json index b4ee5f58d5..60ea37412a 100644 --- a/workspaces/orchestrator/plugins/orchestrator/package.json +++ b/workspaces/orchestrator/plugins/orchestrator/package.json @@ -65,7 +65,7 @@ "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^", "@red-hat-developer-hub/backstage-plugin-orchestrator-form-api": "workspace:^", "@red-hat-developer-hub/backstage-plugin-orchestrator-form-react": "workspace:^", - "axios": "^1.11.0", + "axios": "^1.15.0", "json-schema": "^0.4.0", "json-schema-library": "^9.0.0", "lodash": "^4.17.21", diff --git a/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json b/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json index 76c3d89ffa..b06e437054 100644 --- a/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json +++ b/workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator/package.json @@ -61,7 +61,7 @@ "@backstage/plugin-scaffolder-node": "^0.12.1", "@backstage/types": "^1.2.2", "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^", - "axios": "^1.11.0", + "axios": "^1.15.0", "js-yaml": "^4.1.0" }, "devDependencies": { diff --git a/workspaces/orchestrator/yarn.lock b/workspaces/orchestrator/yarn.lock index 424f0a3343..d2e10ec944 100644 --- a/workspaces/orchestrator/yarn.lock +++ b/workspaces/orchestrator/yarn.lock @@ -12486,7 +12486,7 @@ __metadata: "@serverlessworkflow/sdk-typescript": ^0.8.4 "@types/js-yaml": ^4.0.0 "@types/json-schema": 7.0.15 - axios: ^1.11.0 + axios: ^1.15.0 js-yaml: ^4.1.0 js-yaml-cli: ^0.6.0 languageName: unknown @@ -12627,7 +12627,7 @@ __metadata: "@types/react": ^18.2.58 "@types/react-dom": ^18.2.19 "@types/uuid": ^9.0.0 - axios: ^1.11.0 + axios: ^1.15.0 json-schema: ^0.4.0 json-schema-library: ^9.0.0 lodash: ^4.17.21 @@ -12665,7 +12665,7 @@ __metadata: "@red-hat-developer-hub/backstage-plugin-orchestrator-common": "workspace:^" "@spotify/prettier-config": ^15.0.0 "@types/js-yaml": ^4.0.0 - axios: ^1.11.0 + axios: ^1.15.0 js-yaml: ^4.1.0 languageName: unknown linkType: soft @@ -17812,7 +17812,7 @@ __metadata: languageName: node linkType: hard -"axios@npm:1.13.2, axios@npm:^1.0.0, axios@npm:^1.11.0, axios@npm:^1.12.2, axios@npm:^1.7.4": +"axios@npm:1.13.2": version: 1.13.2 resolution: "axios@npm:1.13.2" dependencies: @@ -17823,6 +17823,17 @@ __metadata: languageName: node linkType: hard +"axios@npm:^1.0.0, axios@npm:^1.12.2, axios@npm:^1.15.0, axios@npm:^1.7.4": + version: 1.15.0 + resolution: "axios@npm:1.15.0" + dependencies: + follow-redirects: "npm:^1.15.11" + form-data: "npm:^4.0.5" + proxy-from-env: "npm:^2.1.0" + checksum: 95a8455554867a083ab3772fcadba42a22ec4bb546dccc66011556d837a07e544ae006675a30a5c43453f3e37e7c0982e934cec482c06b75abead2a2c157448a + languageName: node + linkType: hard + "axobject-query@npm:^4.1.0": version: 4.1.0 resolution: "axobject-query@npm:4.1.0" @@ -23224,13 +23235,13 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.6": - version: 1.15.9 - resolution: "follow-redirects@npm:1.15.9" +"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11, follow-redirects@npm:^1.15.6": + version: 1.16.0 + resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: debug: optional: true - checksum: 859e2bacc7a54506f2bf9aacb10d165df78c8c1b0ceb8023f966621b233717dab56e8d08baadc3ad3b9db58af290413d585c999694b7c146aaf2616340c3d2a6 + checksum: e90dce4607b1f6b8b9883287f912585573c19088209ad82341d550a795b4ba514522b73b1b340cf618279df27975cd46504d09149be60291ba6767384c1fd8f8 languageName: node linkType: hard @@ -23346,16 +23357,16 @@ __metadata: languageName: node linkType: hard -"form-data@npm:^4.0.0, form-data@npm:^4.0.1, form-data@npm:^4.0.4": - version: 4.0.4 - resolution: "form-data@npm:4.0.4" +"form-data@npm:^4.0.0, form-data@npm:^4.0.1, form-data@npm:^4.0.4, form-data@npm:^4.0.5": + version: 4.0.5 + resolution: "form-data@npm:4.0.5" dependencies: asynckit: ^0.4.0 combined-stream: ^1.0.8 es-set-tostringtag: ^2.1.0 hasown: ^2.0.2 mime-types: ^2.1.12 - checksum: 9b7788836df9fa5a6999e0c02515b001946b2a868cfe53f026c69e2c537a2ff9fbfb8e9d2b678744628f3dc7a2d6e14e4e45dfaf68aa6239727f0bdb8ce0abf2 + checksum: af8328413c16d0cded5fccc975a44d227c5120fd46a9e81de8acf619d43ed838414cc6d7792195b30b248f76a65246949a129a4dadd148721948f90cd6d4fb69 languageName: node linkType: hard @@ -32108,6 +32119,13 @@ __metadata: languageName: node linkType: hard +"proxy-from-env@npm:^2.1.0": + version: 2.1.0 + resolution: "proxy-from-env@npm:2.1.0" + checksum: b106ad790f26d47ba4791af3fe8cba5c8d35d85020119c82c05b413eb11b3ab97d2393ecaed51bca97c2788fa256408283dfeb4d970b2ebcae6702310f064e7e + languageName: node + linkType: hard + "pseudomap@npm:^1.0.2": version: 1.0.2 resolution: "pseudomap@npm:1.0.2"