Skip to content

Fix Orchestrator CVEs for RHDH 1.9.6 Release#3480

Merged
karthikjeeyar merged 4 commits into
workspace/orchestratorfrom
orchestrator/release-1.9
Jun 22, 2026
Merged

Fix Orchestrator CVEs for RHDH 1.9.6 Release#3480
karthikjeeyar merged 4 commits into
workspace/orchestratorfrom
orchestrator/release-1.9

Conversation

@JessicaJHee

@JessicaJHee JessicaJHee commented Jun 19, 2026

Copy link
Copy Markdown
Member

Hey, I just made a Pull Request!

Fixes RHIDP-14959

  • See Jira description for details on each dependency and relavant notes
  • axios, shell-quote, ws couldn't be fully patched but because the vulnerable versions are of dev dependencies like cli and repo-tools we are safe

✔️ Checklist

  • A changeset describing the change and affected packages. (more info)
  • Added or Updated documentation
  • Tests for new functionality and regression tests for bug fixes
  • Screenshots attached (for UI changes)

@JessicaJHee
[release-1.9] chore(deps): bumps axios and shell-quote in Orchestrato…
49015c5 
…r workspace (#3422)

Signed-off-by: Jessica He <jhe@redhat.com>
@JessicaJHee
[release-1.9] chore(deps): bumps ip-address and ws in Orchestrator wo…
5020a1c 
…rkspace (#3453)

* [release-1.9] chore(deps): bumps ip-address in Orchestrator workspace

Signed-off-by: Jessica He <jhe@redhat.com>

* bump ws to 8.21.0

Signed-off-by: Jessica He <jhe@redhat.com>

---------

Signed-off-by: Jessica He <jhe@redhat.com>
@JessicaJHee
add changesets for 1.9.6 Orchestrator CVEs (#3458)
50e172f 
Signed-off-by: Jessica He <jhe@redhat.com>
@JessicaJHee
Fix shell-quote and axios CVEs in the Orchestrator workspace (#3465)
ed2210d 
* Revert "[release-1.9] chore(deps): bumps axios and shell-quote in Orchestrator workspace (#3422)"

This reverts commit 49015c5.

* [release-1.9] chore(deps): bumps non-dev axios and shell-quote in Orchestrator workspace

Signed-off-by: Jessica He <jhe@redhat.com>

---------

Signed-off-by: Jessica He <jhe@redhat.com>
@alizard0

alizard0 commented Jun 19, 2026

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 19, 2026
karthikjeeyar
karthikjeeyar approved these changes Jun 22, 2026
View reviewed changes

@karthikjeeyar karthikjeeyar left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified the plugin locally

Image

@karthikjeeyar karthikjeeyar merged commit 5e3e7b3 into workspace/orchestrator Jun 22, 2026
11 checks passed
@sonarqubecloud

sonarqubecloud Bot commented Jun 22, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@karthikjeeyar karthikjeeyar karthikjeeyar approved these changes

@batzionb batzionb Awaiting requested review from batzionb batzionb is a code owner

@mareklibra mareklibra Awaiting requested review from mareklibra mareklibra is a code owner

Assignees

@alizard0 alizard0

Labels

lgtm workspace/orchestrator

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JessicaJHee @alizard0 @karthikjeeyar