diff --git a/.changeset/spicy-yaks-notice.md b/.changeset/spicy-yaks-notice.md
new file mode 100644
index 0000000000..ae5c3ba1a5
--- /dev/null
+++ b/.changeset/spicy-yaks-notice.md
@@ -0,0 +1,19 @@
+---
+'@backstage/backend-common': patch
+'@backstage/catalog-model': patch
+'@backstage/cli': patch
+'@backstage/config': patch
+'@backstage/core-components': patch
+'@backstage/plugin-catalog-backend': patch
+'@backstage/plugin-catalog-backend-module-ldap': patch
+'@backstage/plugin-catalog-backend-module-msgraph': patch
+'@backstage/plugin-catalog-react': patch
+'@backstage/plugin-circleci': patch
+'@backstage/plugin-kafka-backend': patch
+'@backstage/plugin-kubernetes-backend': patch
+'@backstage/plugin-rollbar': patch
+'@backstage/plugin-rollbar-backend': patch
+'@backstage/plugin-search-backend-module-pg': patch
+---
+
+Bump `lodash` to remediate `SNYK-JS-LODASH-590103` security vulnerability
diff --git a/package.json b/package.json
index d362338370..3f259516b2 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,8 @@
 "**/@roadiehq/**/@backstage/plugin-catalog": "*",
 "**/@roadiehq/**/@backstage/catalog-model": "*",
 "graphql-language-service-interface": "2.8.2",
- "graphql-language-service-parser": "1.9.0"
+ "graphql-language-service-parser": "1.9.0",
+ "lodash": "^4.17.21"
 },
 "version": "1.0.0",
 "dependencies": {
diff --git a/packages/backend-common/package.json b/packages/backend-common/package.json
index f5cfaae27a..77090e13dc 100644
--- a/packages/backend-common/package.json
+++ b/packages/backend-common/package.json
@@ -55,7 +55,7 @@
 "keyv": "^4.0.3",
 "keyv-memcache": "^1.2.5",
 "knex": "^0.95.1",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "logform": "^2.1.1",
 "minimatch": "^3.0.4",
 "minimist": "^1.2.5",
diff --git a/packages/catalog-model/package.json b/packages/catalog-model/package.json
index 75574b029f..a2fc76c83a 100644
--- a/packages/catalog-model/package.json
+++ b/packages/catalog-model/package.json
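Review bot: The `"lodash": "^4.17.21"` entry added in the root package.json hunk sits in what appears to be the Yarn `resolutions` block (its opening line is above the hunk), so it only affects installs of this workspace and is not shipped with any published package. The yarn.lock hunk shows an exact `lodash@4.17.15` request being folded into the 4.17.21 entry, which suggests some dependency still pins the old version and will presumably keep resolving to it in downstream apps that lack this override. JSON has no comment syntax, so I would record this in the changeset body, e.g. `The root resolutions entry forces the remaining exact lodash@4.17.15 pin to 4.17.21 inside this repo only`. I would also identify the pinning dependency with `yarn why lodash` so it can be upgraded at the source rather than masked by the override.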
@@ -36,7 +36,7 @@
 "@types/yup": "^0.29.8",
 "ajv": "^7.0.3",
 "json-schema": "^0.3.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "uuid": "^8.0.0",
 "yup": "^0.29.3"
 },
diff --git a/packages/cli/package.json b/packages/cli/package.json
index cb2b04aae9..8dabbed89d 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -82,7 +82,7 @@
 "jest": "^26.0.1",
 "jest-css-modules": "^2.1.0",
 "json-schema": "^0.3.0",
- "lodash": "^4.17.19",
+ "lodash": "^4.17.21",
 "mini-css-extract-plugin": "^1.4.1",
 "node-libs-browser": "^2.2.1",
 "ora": "^5.3.0",
diff --git a/packages/config/package.json b/packages/config/package.json
index 969bc44045..13b074c620 100644
--- a/packages/config/package.json
+++ b/packages/config/package.json
@@ -30,7 +30,7 @@
 "clean": "backstage-cli clean"
 },
 "dependencies": {
- "lodash": "^4.17.15"
+ "lodash": "^4.17.21"
 },
 "devDependencies": {
 "@types/jest": "^26.0.7",
diff --git a/packages/core-components/package.json b/packages/core-components/package.json
index cb15e89d4a..7ffff145f5 100644
--- a/packages/core-components/package.json
+++ b/packages/core-components/package.json
@@ -50,7 +50,7 @@
 "d3-zoom": "^2.0.0",
 "dagre": "^0.8.5",
 "immer": "^9.0.1",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "pluralize": "^8.0.0",
 "prop-types": "^15.7.2",
 "qs": "^6.9.4",
diff --git a/plugins/catalog-backend-module-ldap/package.json b/plugins/catalog-backend-module-ldap/package.json
index 5909c28a98..2787287b62 100644
--- a/plugins/catalog-backend-module-ldap/package.json
+++ b/plugins/catalog-backend-module-ldap/package.json
@@ -34,7 +34,7 @@
 "@backstage/plugin-catalog-backend": "^0.13.3",
 "@types/ldapjs": "^2.2.0",
 "ldapjs": "^2.2.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "winston": "^3.2.1"
 },
 "devDependencies": {
diff --git a/plugins/catalog-backend-module-msgraph/package.json b/plugins/catalog-backend-module-msgraph/package.json
index 4209630cc5..397d4fffb3 100644
--- a/plugins/catalog-backend-module-msgraph/package.json
+++ b/plugins/catalog-backend-module-msgraph/package.json
@@ -35,7 +35,7 @@
 "@backstage/plugin-catalog-backend": "^0.13.5",
 "@microsoft/microsoft-graph-types": "^1.25.0",
 "cross-fetch": "^3.0.6",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "p-limit": "^3.0.2",
 "winston": "^3.2.1",
 "qs": "^6.9.4"
diff --git a/plugins/catalog-backend/package.json b/plugins/catalog-backend/package.json
index 9aba035f78..16f61c2b9a 100644
--- a/plugins/catalog-backend/package.json
+++ b/plugins/catalog-backend/package.json
@@ -51,7 +51,7 @@
 "git-url-parse": "^11.6.0",
 "glob": "^7.1.6",
 "knex": "^0.95.1",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "luxon": "^2.0.2",
 "morgan": "^1.10.0",
 "p-limit": "^3.0.2",
diff --git a/plugins/catalog-react/package.json b/plugins/catalog-react/package.json
index 9388ef3670..54d8af11b6 100644
--- a/plugins/catalog-react/package.json
+++ b/plugins/catalog-react/package.json
@@ -41,7 +41,7 @@
 "@material-ui/lab": "4.0.0-alpha.57",
 "@types/react": "*",
 "jwt-decode": "^3.1.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "qs": "^6.9.4",
 "react": "^16.13.1",
 "react-router": "6.0.0-beta.0",
diff --git a/plugins/circleci/package.json b/plugins/circleci/package.json
index bdc2946177..bf60f4de8e 100644
--- a/plugins/circleci/package.json
+++ b/plugins/circleci/package.json
@@ -42,7 +42,7 @@
 "@material-ui/lab": "4.0.0-alpha.57",
 "circleci-api": "^4.0.0",
 "humanize-duration": "^3.27.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "luxon": "^2.0.2",
 "react": "^16.13.1",
 "react-dom": "^16.13.1",
diff --git a/plugins/kafka-backend/package.json b/plugins/kafka-backend/package.json
index 0952e335cb..0583bccf68 100644
--- a/plugins/kafka-backend/package.json
+++ b/plugins/kafka-backend/package.json
@@ -40,7 +40,7 @@
 "express": "^4.17.1",
 "express-promise-router": "^4.1.0",
 "kafkajs": "^1.16.0-beta.6",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "winston": "^3.2.1"
 },
 "devDependencies": {
diff --git a/plugins/kubernetes-backend/package.json b/plugins/kubernetes-backend/package.json
index fdba331c07..3154cab61d 100644
--- a/plugins/kubernetes-backend/package.json
+++ b/plugins/kubernetes-backend/package.json
@@ -47,7 +47,7 @@
 "express-promise-router": "^4.1.0",
 "fs-extra": "9.1.0",
 "helmet": "^4.0.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "morgan": "^1.10.0",
 "stream-buffers": "^3.0.2",
 "winston": "^3.2.1",
diff --git a/plugins/rollbar-backend/package.json b/plugins/rollbar-backend/package.json
index 75eb7b9773..e6f92d4065 100644
--- a/plugins/rollbar-backend/package.json
+++ b/plugins/rollbar-backend/package.json
@@ -42,7 +42,7 @@
 "express-promise-router": "^4.1.0",
 "fs-extra": "9.1.0",
 "helmet": "^4.0.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "morgan": "^1.10.0",
 "winston": "^3.2.1",
 "yn": "^4.0.0"
diff --git a/plugins/rollbar/package.json b/plugins/rollbar/package.json
index 49bd185dde..66037f7b8b 100644
--- a/plugins/rollbar/package.json
+++ b/plugins/rollbar/package.json
@@ -40,7 +40,7 @@
 "@material-ui/core": "^4.12.2",
 "@material-ui/icons": "^4.9.1",
 "@material-ui/lab": "4.0.0-alpha.57",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "react": "^16.13.1",
 "react-dom": "^16.13.1",
 "react-router": "6.0.0-beta.0",
diff --git a/plugins/search-backend-module-pg/package.json b/plugins/search-backend-module-pg/package.json
index 1bd4c9fee5..3dfb1fe307 100644
--- a/plugins/search-backend-module-pg/package.json
+++ b/plugins/search-backend-module-pg/package.json
@@ -23,7 +23,7 @@
 "@backstage/backend-common": "^0.9.1",
 "@backstage/search-common": "^0.2.0",
 "@backstage/plugin-search-backend-node": "^0.4.2",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "knex": "^0.95.1"
 },
 "devDependencies": {
diff --git a/yarn.lock b/yarn.lock
index 82aa7a3da0..4ca7415d32 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -18433,12 +18433,7 @@ lodash.without@^4.4.0: resolved "https://registry.npmjs.org/lodash.without/-/lodash.without-4.4.0.tgz#3cd4574a00b67bae373a94b748772640507b7aac" integrity sha1-PNRXSgC2e643OpS3SHcmQFB7eqw= -lodash@4.17.15: - version "4.17.15" - resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" - integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A== - -lodash@4.17.21, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@~4.17.0, lodash@~4.17.15, lodash@~4.17.4: +lodash@4.17.15, lodash@4.17.21, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@~4.17.0, lodash@~4.17.15, lodash@~4.17.4: version "4.17.21" resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==