From 5610c9d964b989a2bb47253c37c6d41e988beddd Mon Sep 17 00:00:00 2001 From: Amit Yadav Date: Tue, 23 Jun 2026 22:18:03 +0530 Subject: [PATCH] Bump follow-redirects to 1.16.0 to fix CVE-2026-40895 Signed-off-by: Amit Yadav --- dynamic-demo-plugin/package.json | 3 +- dynamic-demo-plugin/yarn.lock | 70 ++++++++++++++++++-------------- frontend/package.json | 1 + frontend/yarn.lock | 8 ++-- 4 files changed, 47 insertions(+), 35 deletions(-) diff --git a/dynamic-demo-plugin/package.json b/dynamic-demo-plugin/package.json index d7d53b93c13..abab189a384 100644 --- a/dynamic-demo-plugin/package.json +++ b/dynamic-demo-plugin/package.json @@ -80,7 +80,8 @@ "resolutions": { "minimatch@^3.0.2": "^3.1.3", "minimatch@^3.0.4": "^3.1.3", - "minimatch@^3.1.1": "^3.1.3" + "minimatch@^3.1.1": "^3.1.3", + "follow-redirects": "^1.16.0" }, "packageManager": "yarn@4.12.0" } diff --git a/dynamic-demo-plugin/yarn.lock b/dynamic-demo-plugin/yarn.lock index ddf9d92e423..fcc2049f1a2 100644 --- a/dynamic-demo-plugin/yarn.lock +++ b/dynamic-demo-plugin/yarn.lock @@ -196,7 +196,7 @@ __metadata: version: 0.0.0-use.local resolution: "@openshift-console/dynamic-plugin-sdk-webpack@portal:../frontend/packages/console-dynamic-plugin-sdk/dist/webpack::locator=%40console%2Fdynamic-demo-plugin%40workspace%3A." dependencies: - "@openshift/dynamic-plugin-sdk-webpack": "npm:^4.0.2" + "@openshift/dynamic-plugin-sdk-webpack": "npm:^4.1.0" ajv: "npm:^6.12.3" chalk: "npm:2.4.x" comment-json: "npm:4.x" @@ -215,8 +215,9 @@ __metadata: version: 0.0.0-use.local resolution: "@openshift-console/dynamic-plugin-sdk@portal:../frontend/packages/console-dynamic-plugin-sdk/dist/core::locator=%40console%2Fdynamic-demo-plugin%40workspace%3A." dependencies: + "@openshift/dynamic-plugin-sdk": "npm:^5.0.1" "@patternfly/react-topology": "npm:^6.2.0" - immutable: "npm:3.x" + immutable: "npm:^3.8.3" lodash: "npm:^4.17.23" react: "npm:^17.0.1" react-i18next: "npm:^11.12.0" @@ -224,7 +225,7 @@ __metadata: react-router: "npm:5.3.x" react-router-dom: "npm:5.3.x" react-router-dom-v5-compat: "npm:^6.11.2" - redux: "npm:4.0.1" + redux: "npm:^4.0.4" redux-thunk: "npm:2.4.0" reselect: "npm:4.x" typesafe-actions: "npm:^4.2.1" @@ -243,7 +244,7 @@ __metadata: languageName: node linkType: soft -"@openshift/dynamic-plugin-sdk-webpack@npm:^4.0.2": +"@openshift/dynamic-plugin-sdk-webpack@npm:^4.1.0": version: 4.1.0 resolution: "@openshift/dynamic-plugin-sdk-webpack@npm:4.1.0" dependencies: @@ -256,6 +257,20 @@ __metadata: languageName: node linkType: hard +"@openshift/dynamic-plugin-sdk@npm:^5.0.1": + version: 5.0.1 + resolution: "@openshift/dynamic-plugin-sdk@npm:5.0.1" + dependencies: + lodash: "npm:^4.17.21" + semver: "npm:^7.3.7" + uuid: "npm:^8.3.2" + yup: "npm:^0.32.11" + peerDependencies: + react: ^17 || ^18 + checksum: 10c0/2793e27abd90b47daabb0a6c97c76d6acfe0f5a102d394e6eeb1c140e38609b1185dc774ce4816e4fe4ed76656b0f2e5d0295ee4529dc921a544a7d81c263c9c + languageName: node + linkType: hard + "@patternfly/react-core@npm:^6.0.0, @patternfly/react-core@npm:^6.2.2": version: 6.2.2 resolution: "@patternfly/react-core@npm:6.2.2" @@ -2886,10 +2901,13 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0": - version: 1.13.0 - resolution: "follow-redirects@npm:1.13.0" - checksum: 10c0/67b60397f22b12378c51e4f53102f3b56d37b19707fc1254ffa49c70752ec4221c745ba26effc69f9c74c3eac2322ce83ea2128a45aa3fc7af0ef58569d72d45 +"follow-redirects@npm:^1.16.0": + version: 1.16.0 + resolution: "follow-redirects@npm:1.16.0" + peerDependenciesMeta: + debug: + optional: true + checksum: 10c0/a1e2900163e6f1b4d1ed5c221b607f41decbab65534c63fe7e287e40a5d552a6496e7d9d7d976fa4ba77b4c51c11e5e9f683f10b43011ea11e442ff128d0e181 languageName: node linkType: hard @@ -3412,10 +3430,10 @@ __metadata: languageName: node linkType: hard -"immutable@npm:3.x": - version: 3.8.2 - resolution: "immutable@npm:3.8.2" - checksum: 10c0/fb6a2999ad3bda9e51741721e42547076dd492635ee4df9241224055fe953ec843583a700088cc4915f23dc326e5084f4e17f1bbd7388c3e872ef5a242e0ac5e +"immutable@npm:^3.8.3": + version: 3.8.3 + resolution: "immutable@npm:3.8.3" + checksum: 10c0/bafa7b8371b7622bc3d128cd9e6bba3a654b968f09a237929629f43ac26f7e974a5879cd38baad0c26f6f0628753968611bf832add7bf0c44d647bf4306a2988 languageName: node linkType: hard @@ -5409,17 +5427,7 @@ __metadata: languageName: node linkType: hard -"redux@npm:4.0.1": - version: 4.0.1 - resolution: "redux@npm:4.0.1" - dependencies: - loose-envify: "npm:^1.4.0" - symbol-observable: "npm:^1.2.0" - checksum: 10c0/40515233ca564c96890b3559945c0938d42af2ce41ad30541a3d64409dafcb61394dcacf8eabd957c7f1f44393f5e9ef74417607a441a08618c629d8d90bc2d1 - languageName: node - linkType: hard - -"redux@npm:^4.0.0": +"redux@npm:^4.0.0, redux@npm:^4.0.4": version: 4.2.1 resolution: "redux@npm:4.2.1" dependencies: @@ -6157,13 +6165,6 @@ __metadata: languageName: node linkType: hard -"symbol-observable@npm:^1.2.0": - version: 1.2.0 - resolution: "symbol-observable@npm:1.2.0" - checksum: 10c0/009fee50798ef80ed4b8195048288f108b03de162db07493f2e1fd993b33fafa72d659e832b584da5a2427daa78e5a738fb2a9ab027ee9454252e0bedbcd1fdc - languageName: node - linkType: hard - "symlink-or-copy@npm:^1.1.8, symlink-or-copy@npm:^1.2.0, symlink-or-copy@npm:^1.3.1": version: 1.3.1 resolution: "symlink-or-copy@npm:1.3.1" @@ -6546,6 +6547,15 @@ __metadata: languageName: node linkType: hard +"uuid@npm:^8.3.2": + version: 8.3.2 + resolution: "uuid@npm:8.3.2" + bin: + uuid: dist/bin/uuid + checksum: 10c0/bcbb807a917d374a49f475fae2e87fdca7da5e5530820ef53f65ba1d12131bd81a92ecf259cc7ce317cbe0f289e7d79fdfebcef9bfa3087c8c8a2fa304c9be54 + languageName: node + linkType: hard + "v8-compile-cache-lib@npm:^3.0.1": version: 3.0.1 resolution: "v8-compile-cache-lib@npm:3.0.1" diff --git a/frontend/package.json b/frontend/package.json index 44aa76e307d..c76a4121748 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -318,6 +318,7 @@ }, "resolutions": { "@types/lodash": "4.14.106", + "follow-redirects": "^1.16.0", "@types/react-router": "^5.1.20", "@types/react-router-dom": "5.3.x", "hosted-git-info": "^3.0.8", diff --git a/frontend/yarn.lock b/frontend/yarn.lock index d68e0ad690d..4bcb63a8309 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -11879,13 +11879,13 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0": - version: 1.15.3 - resolution: "follow-redirects@npm:1.15.3" +"follow-redirects@npm:^1.16.0": + version: 1.16.0 + resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: debug: optional: true - checksum: 10c0/915a2cf22e667bdf47b1a43cc6b7dce14d95039e9bbf9a24d0e739abfbdfa00077dd43c86d4a7a19efefcc7a99af144920a175eedc3888d268af5df67c272ee5 + checksum: 10c0/a1e2900163e6f1b4d1ed5c221b607f41decbab65534c63fe7e287e40a5d552a6496e7d9d7d976fa4ba77b4c51c11e5e9f683f10b43011ea11e442ff128d0e181 languageName: node linkType: hard