diff --git a/workspaces/orchestrator/.changeset/angry-deers-smell.md b/workspaces/orchestrator/.changeset/angry-deers-smell.md new file mode 100644 index 0000000000..6860ba6b94 --- /dev/null +++ b/workspaces/orchestrator/.changeset/angry-deers-smell.md @@ -0,0 +1,13 @@ +--- +'@red-hat-developer-hub/backstage-plugin-scaffolder-backend-module-orchestrator': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-backend-module-loki': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-form-widgets': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-form-react': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-form-api': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-backend': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-common': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator-node': patch +'@red-hat-developer-hub/backstage-plugin-orchestrator': patch +--- + +bumps ip-address, ws, axios and shell-quote in Orchestrator to resolve CVEs diff --git a/workspaces/orchestrator/yarn.lock b/workspaces/orchestrator/yarn.lock index ec79cd7c04..ad24f40a17 100644 --- a/workspaces/orchestrator/yarn.lock +++ b/workspaces/orchestrator/yarn.lock @@ -17825,13 +17825,14 @@ __metadata: linkType: hard "axios@npm:^1.0.0, axios@npm:^1.12.2, axios@npm:^1.15.0, axios@npm:^1.7.4": - version: 1.15.0 - resolution: "axios@npm:1.15.0" + version: 1.18.0 + resolution: "axios@npm:1.18.0" dependencies: - follow-redirects: "npm:^1.15.11" - form-data: "npm:^4.0.5" - proxy-from-env: "npm:^2.1.0" - checksum: 95a8455554867a083ab3772fcadba42a22ec4bb546dccc66011556d837a07e544ae006675a30a5c43453f3e37e7c0982e934cec482c06b75abead2a2c157448a + follow-redirects: ^1.16.0 + form-data: ^4.0.5 + https-proxy-agent: ^5.0.1 + proxy-from-env: ^2.1.0 + checksum: 87e66c8583f69f3aec2d03d2840e4074d71c67d0e06a5c33de8926b0f11c9d31a8509adc6814167cc1fc470bc3f24f99a10fcb6632843192126567340dd1a8ce languageName: node linkType: hard @@ -23243,7 +23244,7 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11, follow-redirects@npm:^1.15.6": +"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.6, follow-redirects@npm:^1.16.0": version: 1.16.0 resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: @@ -25201,13 +25202,10 @@ __metadata: languageName: node linkType: hard -"ip-address@npm:^9.0.5": - version: 9.0.5 - resolution: "ip-address@npm:9.0.5" - dependencies: - jsbn: 1.1.0 - sprintf-js: ^1.1.3 - checksum: aa15f12cfd0ef5e38349744e3654bae649a34c3b10c77a674a167e99925d1549486c5b14730eebce9fea26f6db9d5e42097b00aa4f9f612e68c79121c71652dc +"ip-address@npm:^10.1.1": + version: 10.1.1 + resolution: "ip-address@npm:10.1.1" + checksum: 4a370ba2708290b3f6381110097960e99a6d0a67aee5487562dd3bb3d600b9c5b5614c6b38d5143ee5103c4652922f53d47e5154209c332ca437fba7b8e7619f languageName: node linkType: hard @@ -26690,7 +26688,7 @@ __metadata: languageName: node linkType: hard -"jsbn@npm:1.1.0, jsbn@npm:^1.1.0": +"jsbn@npm:^1.1.0": version: 1.1.0 resolution: "jsbn@npm:1.1.0" checksum: 944f924f2bd67ad533b3850eee47603eed0f6ae425fd1ee8c760f477e8c34a05f144c1bd4f5a5dd1963141dc79a2c55f89ccc5ab77d039e7077f3ad196b64965 @@ -34545,13 +34543,20 @@ __metadata: languageName: node linkType: hard -"shell-quote@npm:1.8.3, shell-quote@npm:^1.7.3, shell-quote@npm:^1.8.1": +"shell-quote@npm:1.8.3": version: 1.8.3 resolution: "shell-quote@npm:1.8.3" checksum: 550dd84e677f8915eb013d43689c80bb114860649ec5298eb978f40b8f3d4bc4ccb072b82c094eb3548dc587144bb3965a8676f0d685c1cf4c40b5dc27166242 languageName: node linkType: hard +"shell-quote@npm:^1.7.3, shell-quote@npm:^1.8.1": + version: 1.8.4 + resolution: "shell-quote@npm:1.8.4" + checksum: 082dc836baa8ade01144ee3068af487ea45ba570ea6ab13a5eddc11ab16a976b8857b51ef2caf7dc9a1e173ff0aea685b8f78b4f6f5a0a1ef24c7b17c51350e2 + languageName: node + linkType: hard + "short-unique-id@npm:^5.3.2": version: 5.3.2 resolution: "short-unique-id@npm:5.3.2" @@ -34747,12 +34752,12 @@ __metadata: linkType: hard "socks@npm:^2.6.2, socks@npm:^2.8.3": - version: 2.8.3 - resolution: "socks@npm:2.8.3" + version: 2.8.9 + resolution: "socks@npm:2.8.9" dependencies: - ip-address: ^9.0.5 + ip-address: ^10.1.1 smart-buffer: ^4.2.0 - checksum: 7a6b7f6eedf7482b9e4597d9a20e09505824208006ea8f2c49b71657427f3c137ca2ae662089baa73e1971c62322d535d9d0cf1c9235cf6f55e315c18203eadd + checksum: b573ed4cfb935624d3688e7065cd03fd72ca258156923c9ebb9d462e545cd78f296b64a0e36f911b16326c94aabe2bf94ff405f8afef27ac7bf80fa3c971c6f6 languageName: node linkType: hard @@ -34909,7 +34914,7 @@ __metadata: languageName: node linkType: hard -"sprintf-js@npm:^1.1.2, sprintf-js@npm:^1.1.3": +"sprintf-js@npm:^1.1.2": version: 1.1.3 resolution: "sprintf-js@npm:1.1.3" checksum: a3fdac7b49643875b70864a9d9b469d87a40dfeaf5d34d9d0c5b1cda5fd7d065531fcb43c76357d62254c57184a7b151954156563a4d6a747015cfb41021cad0 @@ -38329,7 +38334,22 @@ __metadata: languageName: node linkType: hard -"ws@npm:*, ws@npm:8.18.0, ws@npm:^8.11.0, ws@npm:^8.13.0, ws@npm:^8.17.1, ws@npm:^8.18.0, ws@npm:^8.8.0": +"ws@npm:*, ws@npm:^8.11.0, ws@npm:^8.13.0, ws@npm:^8.17.1, ws@npm:^8.18.0, ws@npm:^8.8.0": + version: 8.21.0 + resolution: "ws@npm:8.21.0" + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: ">=5.0.2" + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + checksum: 83ff89ae011bc5c3c5605a45a0d50e12589143c7500ca4de83a8d43b3cd26e71f422cb3206fd1a9e6d541d666eeb66255c30d095d62d413b3c7afe5d2c5cb928 + languageName: node + linkType: hard + +"ws@npm:8.18.0": version: 8.18.0 resolution: "ws@npm:8.18.0" peerDependencies: