From b26fda3ddab50892b0f3fb23cb07ea4fc603d067 Mon Sep 17 00:00:00 2001 From: Atharva Shinde Date: Mon, 27 Apr 2026 12:58:34 +0530 Subject: [PATCH] Bump minimatch library Fixes: CVE-2026-26996 Signed-off-by: Atharva Shinde --- dynamic-demo-plugin/package.json | 4 + dynamic-demo-plugin/yarn.lock | 216 +++++++++++++++++++++++-------- frontend/package.json | 8 +- frontend/yarn.lock | 17 +-- 4 files changed, 179 insertions(+), 66 deletions(-) diff --git a/dynamic-demo-plugin/package.json b/dynamic-demo-plugin/package.json index 403bda3160f..b03d358d1b6 100644 --- a/dynamic-demo-plugin/package.json +++ b/dynamic-demo-plugin/package.json @@ -75,5 +75,9 @@ "@console/demo-plugin" ] }, + "resolutions": { + "minimatch@^3.0.2": "^3.1.3", + "minimatch@^3.0.4": "^3.1.3" + }, "packageManager": "yarn@4.12.0" } diff --git a/dynamic-demo-plugin/yarn.lock b/dynamic-demo-plugin/yarn.lock index f9d7cfb4b41..bcad7ed8984 100644 --- a/dynamic-demo-plugin/yarn.lock +++ b/dynamic-demo-plugin/yarn.lock @@ -50,6 +50,13 @@ __metadata: languageName: node linkType: hard +"@babel/runtime@npm:^7.15.4": + version: 7.29.2 + resolution: "@babel/runtime@npm:7.29.2" + checksum: 10c0/30b80a0140d16467792e1bbeb06f655b0dab70407da38dfac7fedae9c859f9ae9d846ef14ad77bd3814c064295fe9b1bc551f1541ea14646ae9f22b71a8bc17a + languageName: node + linkType: hard + "@babel/runtime@npm:^7.7.6": version: 7.18.6 resolution: "@babel/runtime@npm:7.18.6" @@ -158,14 +165,18 @@ __metadata: version: 0.0.0-use.local resolution: "@openshift-console/dynamic-plugin-sdk-webpack@portal:../frontend/packages/console-dynamic-plugin-sdk/dist/webpack::locator=%40console%2Fdynamic-demo-plugin%40workspace%3A." dependencies: + "@openshift/dynamic-plugin-sdk-webpack": "npm:^4.0.2" ajv: "npm:^6.12.3" chalk: "npm:2.4.x" comment-json: "npm:4.x" find-up: "npm:4.x" + glob: "npm:7.x" lodash: "npm:^4.17.23" read-pkg: "npm:5.x" semver: "npm:6.x" - webpack: "npm:^5.73.0" + webpack: "npm:5.75.0" + peerDependencies: + typescript: ">=4.5.5" languageName: node linkType: soft @@ -173,14 +184,10 @@ __metadata: version: 0.0.0-use.local resolution: "@openshift-console/dynamic-plugin-sdk@portal:../frontend/packages/console-dynamic-plugin-sdk/dist/core::locator=%40console%2Fdynamic-demo-plugin%40workspace%3A." dependencies: - "@patternfly/quickstarts": "npm:2.4.0" - "@patternfly/react-core": "npm:4.276.11" - "@patternfly/react-table": "npm:4.113.0" classnames: "npm:2.x" immutable: "npm:3.x" lodash: "npm:^4.17.23" react: "npm:^17.0.1" - react-helmet: "npm:^6.1.0" react-i18next: "npm:^11.7.3" react-redux: "npm:7.2.2" react-router: "npm:5.3.x" @@ -207,45 +214,20 @@ __metadata: languageName: node linkType: soft -"@patternfly/patternfly@npm:^4.224.2": - version: 4.224.2 - resolution: "@patternfly/patternfly@npm:4.224.2" - checksum: 10c0/de4b1fc4bd8174016c0aa3b7ff92bba8834062d074ab5e1bef057558b1ed97d6b6bf669bdca69ba61190d152f62c7504e74b6bea80a236f77983e0027ff9af89 - languageName: node - linkType: hard - -"@patternfly/quickstarts@npm:2.4.0": - version: 2.4.0 - resolution: "@patternfly/quickstarts@npm:2.4.0" - dependencies: - "@patternfly/react-catalog-view-extension": "npm:^4.93.15" - dompurify: "npm:^2.2.6" - history: "npm:^5.0.0" - showdown: "npm:1.8.6" - peerDependencies: - "@patternfly/react-core": ">=4.115.2" - react: ">=16.8.0" - react-dom: ">=16.8.0" - showdown: ">=1.8.6" - checksum: 10c0/01d225f528ef9619089ca74d44b45f4b52f38381c1caeb1d3b2398fc82568aa58d7566311f49a3e9a0c0c9cdfd6f65ed4895a751a504f40ed4214814d964e59c - languageName: node - linkType: hard - -"@patternfly/react-catalog-view-extension@npm:^4.93.15": - version: 4.96.0 - resolution: "@patternfly/react-catalog-view-extension@npm:4.96.0" +"@openshift/dynamic-plugin-sdk-webpack@npm:^4.0.2": + version: 4.1.0 + resolution: "@openshift/dynamic-plugin-sdk-webpack@npm:4.1.0" dependencies: - "@patternfly/patternfly": "npm:^4.224.2" - "@patternfly/react-core": "npm:^4.276.6" - "@patternfly/react-styles": "npm:^4.92.6" + lodash: "npm:^4.17.21" + semver: "npm:^7.3.7" + yup: "npm:^0.32.11" peerDependencies: - react: ^16.8 || ^17 || ^18 - react-dom: ^16.8 || ^17 || ^18 - checksum: 10c0/f65d7a79349722f57b1ab0e5e47966b309469febbbfd6591b54560c6f36a99be88341121b128327b3ddeb0c63d71db0e496edfae98878d91b9fab00bf185a02c + webpack: ^5.75.0 + checksum: 10c0/c917918fee5848cafbc5172195aa76b9651aa371e0e7413e919328f1d43acbee45d73672cdba629a393b8b2784c1323e7766ea2cb61a2308aa767859252dd86b languageName: node linkType: hard -"@patternfly/react-core@npm:4.276.11, @patternfly/react-core@npm:^4.276.6, @patternfly/react-core@npm:^4.276.8": +"@patternfly/react-core@npm:4.276.11, @patternfly/react-core@npm:^4.276.8": version: 4.276.11 resolution: "@patternfly/react-core@npm:4.276.11" dependencies: @@ -390,6 +372,13 @@ __metadata: languageName: node linkType: hard +"@types/lodash@npm:^4.14.175": + version: 4.17.24 + resolution: "@types/lodash@npm:4.17.24" + checksum: 10c0/b72f60d4daacdad1fa643edb3faba204c02a01eb1ac00a83ff73496a6d236fc55e459c06106e8ced42277dba932d087d8fc090f8de4ef590d3f91e6d6f7ce85a + languageName: node + linkType: hard + "@types/minimatch@npm:^3.0.3": version: 3.0.5 resolution: "@types/minimatch@npm:3.0.5" @@ -709,7 +698,7 @@ __metadata: languageName: node linkType: hard -"acorn@npm:^8.5.0": +"acorn@npm:^8.5.0, acorn@npm:^8.7.1": version: 8.16.0 resolution: "acorn@npm:8.16.0" bin: @@ -1763,13 +1752,6 @@ __metadata: languageName: node linkType: hard -"dompurify@npm:^2.2.6": - version: 2.3.8 - resolution: "dompurify@npm:2.3.8" - checksum: 10c0/973969bb347218f377627817b12ed69f988574619dbbe43ccd81bc25cb67c7106fd78e245d8933fce370c04bf6f9d11666b2bc6bdd34982f1e5c59a2c26c830e - languageName: node - linkType: hard - "domutils@npm:^2.5.2, domutils@npm:^2.6.0, domutils@npm:^2.7.0": version: 2.7.0 resolution: "domutils@npm:2.7.0" @@ -1858,6 +1840,16 @@ __metadata: languageName: node linkType: hard +"enhanced-resolve@npm:^5.10.0": + version: 5.21.0 + resolution: "enhanced-resolve@npm:5.21.0" + dependencies: + graceful-fs: "npm:^4.2.4" + tapable: "npm:^2.3.3" + checksum: 10c0/8d25b9eb7cbaaf6bac7ca52cefb6aa8a723a3cea754aa3c52f269bdae3b6d5f3219fadbaf4362ed7d53f027e0b83bfbeb4c646640123cf62e6dbe52f28604c77 + languageName: node + linkType: hard + "enhanced-resolve@npm:^5.9.3": version: 5.10.0 resolution: "enhanced-resolve@npm:5.10.0" @@ -2356,6 +2348,20 @@ __metadata: languageName: node linkType: hard +"glob@npm:7.x": + version: 7.2.3 + resolution: "glob@npm:7.2.3" + dependencies: + fs.realpath: "npm:^1.0.0" + inflight: "npm:^1.0.4" + inherits: "npm:2" + minimatch: "npm:^3.1.1" + once: "npm:^1.3.0" + path-is-absolute: "npm:^1.0.0" + checksum: 10c0/65676153e2b0c9095100fe7f25a778bf45608eeb32c6048cf307f579649bcc30353277b3b898a3792602c65764e5baa4f643714dfbdfd64ea271d210c7a425fe + languageName: node + linkType: hard + "glob@npm:^7.1.1": version: 7.1.7 resolution: "glob@npm:7.1.7" @@ -2523,7 +2529,7 @@ __metadata: languageName: node linkType: hard -"history@npm:^5.0.0, history@npm:^5.3.0": +"history@npm:^5.3.0": version: 5.3.0 resolution: "history@npm:5.3.0" dependencies: @@ -3225,6 +3231,13 @@ __metadata: languageName: node linkType: hard +"lodash@npm:^4.17.21": + version: 4.18.1 + resolution: "lodash@npm:4.18.1" + checksum: 10c0/757228fc68805c59789e82185135cf85f05d0b2d3d54631d680ca79ec21944ec8314d4533639a14b8bcfbd97a517e78960933041a5af17ecb693ec6eecb99a27 + languageName: node + linkType: hard + "lodash@npm:^4.17.23": version: 4.17.23 resolution: "lodash@npm:4.17.23" @@ -3377,12 +3390,12 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4": - version: 3.0.4 - resolution: "minimatch@npm:3.0.4" +"minimatch@npm:^3.1.1, minimatch@npm:^3.1.3": + version: 3.1.5 + resolution: "minimatch@npm:3.1.5" dependencies: brace-expansion: "npm:^1.1.7" - checksum: 10c0/d0a2bcd93ebec08a9eef3ca83ba33c9fb6feb93932e0b4dc6aa46c5f37a9404bea7ad9ff7cafe23ce6634f1fe3b206f5315ecbb05812da6e692c21d8ecfd3dae + checksum: 10c0/2ecbdc0d33f07bddb0315a8b5afbcb761307a8778b48f0b312418ccbced99f104a2d17d8aca7573433c70e8ccd1c56823a441897a45e384ea76ef401a26ace70 languageName: node linkType: hard @@ -3480,6 +3493,13 @@ __metadata: languageName: node linkType: hard +"nanoclone@npm:^0.2.1": + version: 0.2.1 + resolution: "nanoclone@npm:0.2.1" + checksum: 10c0/760b569ea841c9678fdf8d763c6d7bb093f0889150087f82d86c536a318b302939c82ce35cdaec999d0f687789d0d79d0f3f75a272d7a98dfac7a067c0b47053 + languageName: node + linkType: hard + "nanoid@npm:^3.3.4": version: 3.3.4 resolution: "nanoid@npm:3.3.4" @@ -4312,6 +4332,13 @@ __metadata: languageName: node linkType: hard +"property-expr@npm:^2.0.4": + version: 2.0.6 + resolution: "property-expr@npm:2.0.6" + checksum: 10c0/69b7da15038a1146d6447c69c445306f66a33c425271235bb20507f1846dbf9577a8f9dfafe8acbfcb66f924b270157f155248308f026a68758f35fc72265b3c + languageName: node + linkType: hard + "pseudomap@npm:^1.0.2": version: 1.0.2 resolution: "pseudomap@npm:1.0.2" @@ -4954,6 +4981,15 @@ __metadata: languageName: node linkType: hard +"semver@npm:^7.3.7": + version: 7.7.4 + resolution: "semver@npm:7.7.4" + bin: + semver: bin/semver.js + checksum: 10c0/5215ad0234e2845d4ea5bb9d836d42b03499546ddafb12075566899fc617f68794bb6f146076b6881d755de17d6c6cc73372555879ec7dce2c2feee947866ad2 + languageName: node + linkType: hard + "serialize-javascript@npm:^5.0.1": version: 5.0.1 resolution: "serialize-javascript@npm:5.0.1" @@ -5356,6 +5392,13 @@ __metadata: languageName: node linkType: hard +"tapable@npm:^2.3.3": + version: 2.3.3 + resolution: "tapable@npm:2.3.3" + checksum: 10c0/47992e861053f861154e92fb4a98ac4ab47b6463717e60792dd1e8c755da0c4964cd8bb68c308a9066d6da89000b6310457b4d5d985c30de4ccc29066068cc17 + languageName: node + linkType: hard + "tar@npm:^6.0.2": version: 6.1.11 resolution: "tar@npm:6.1.11" @@ -5486,6 +5529,13 @@ __metadata: languageName: node linkType: hard +"toposort@npm:^2.0.2": + version: 2.0.2 + resolution: "toposort@npm:2.0.2" + checksum: 10c0/ab9ca91fce4b972ccae9e2f539d755bf799a0c7eb60da07fd985fce0f14c159ed1e92305ff55697693b5bc13e300f5417db90e2593b127d421c9f6c440950222 + languageName: node + linkType: hard + "ts-loader@npm:9.x": version: 9.2.6 resolution: "ts-loader@npm:9.2.6" @@ -5832,6 +5882,16 @@ __metadata: languageName: node linkType: hard +"watchpack@npm:^2.4.0": + version: 2.5.1 + resolution: "watchpack@npm:2.5.1" + dependencies: + glob-to-regexp: "npm:^0.4.1" + graceful-fs: "npm:^4.1.2" + checksum: 10c0/dffbb483d1f61be90dc570630a1eb308581e2227d507d783b1d94a57ac7b705ecd9a1a4b73d73c15eab596d39874e5276a3d9cb88bbb698bafc3f8d08c34cf17 + languageName: node + linkType: hard + "webpack-cli@npm:4.9.x": version: 4.9.1 resolution: "webpack-cli@npm:4.9.1" @@ -5892,6 +5952,43 @@ __metadata: languageName: node linkType: hard +"webpack@npm:5.75.0": + version: 5.75.0 + resolution: "webpack@npm:5.75.0" + dependencies: + "@types/eslint-scope": "npm:^3.7.3" + "@types/estree": "npm:^0.0.51" + "@webassemblyjs/ast": "npm:1.11.1" + "@webassemblyjs/wasm-edit": "npm:1.11.1" + "@webassemblyjs/wasm-parser": "npm:1.11.1" + acorn: "npm:^8.7.1" + acorn-import-assertions: "npm:^1.7.6" + browserslist: "npm:^4.14.5" + chrome-trace-event: "npm:^1.0.2" + enhanced-resolve: "npm:^5.10.0" + es-module-lexer: "npm:^0.9.0" + eslint-scope: "npm:5.1.1" + events: "npm:^3.2.0" + glob-to-regexp: "npm:^0.4.1" + graceful-fs: "npm:^4.2.9" + json-parse-even-better-errors: "npm:^2.3.1" + loader-runner: "npm:^4.2.0" + mime-types: "npm:^2.1.27" + neo-async: "npm:^2.6.2" + schema-utils: "npm:^3.1.0" + tapable: "npm:^2.1.1" + terser-webpack-plugin: "npm:^5.1.3" + watchpack: "npm:^2.4.0" + webpack-sources: "npm:^3.2.3" + peerDependenciesMeta: + webpack-cli: + optional: true + bin: + webpack: bin/webpack.js + checksum: 10c0/0160331d6255bdb8027f2589458514709a4a6555e2868adb6356a309d3f7b2212cb129a00f343fe0f94f54a31b4677507a3adf9ae73badc1216105ac548681ea + languageName: node + linkType: hard + "webpack@npm:^5.73.0": version: 5.73.0 resolution: "webpack@npm:5.73.0" @@ -6066,3 +6163,18 @@ __metadata: checksum: 10c0/dceb44c28578b31641e13695d200d34ec4ab3966a5729814d5445b194933c096b7ced71494ce53a0e8820685d1d010df8b2422e5bf2cdea7e469d97ffbea306f languageName: node linkType: hard + +"yup@npm:^0.32.11": + version: 0.32.11 + resolution: "yup@npm:0.32.11" + dependencies: + "@babel/runtime": "npm:^7.15.4" + "@types/lodash": "npm:^4.14.175" + lodash: "npm:^4.17.21" + lodash-es: "npm:^4.17.21" + nanoclone: "npm:^0.2.1" + property-expr: "npm:^2.0.4" + toposort: "npm:^2.0.2" + checksum: 10c0/f0802798dc64b49f313886b983a9bea5f283e2094ee2aa1197587b84f50ac5b5d03af99857c313139e63dc02558fac3aaa343503bdbffa96f70006b39d1f59c9 + languageName: node + linkType: hard diff --git a/frontend/package.json b/frontend/package.json index df4bea6d189..f3d885d40f1 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -358,7 +358,13 @@ "@types/jest": "21.x", "glob-parent": "^5.1.2", "postcss": "^8.2.13", - "axios": "0.31.0" + "axios": "0.31.0", + "minimatch@^3.0.0": "^3.1.3", + "minimatch@^3.0.2": "^3.1.3", + "minimatch@^3.0.3": "^3.1.3", + "minimatch@^3.0.4": "^3.1.3", + "minimatch@3.0.4": "^3.1.3", + "minimatch@^3.1.1": "^3.1.3" }, "husky": { "hooks": { diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 778bc081eb1..5c9803562f2 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -19830,15 +19830,6 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:3.0.4, minimatch@npm:^3.0.0, minimatch@npm:^3.0.2, minimatch@npm:^3.0.3, minimatch@npm:^3.0.4": - version: 3.0.4 - resolution: "minimatch@npm:3.0.4" - dependencies: - brace-expansion: "npm:^1.1.7" - checksum: 10c0/d0a2bcd93ebec08a9eef3ca83ba33c9fb6feb93932e0b4dc6aa46c5f37a9404bea7ad9ff7cafe23ce6634f1fe3b206f5315ecbb05812da6e692c21d8ecfd3dae - languageName: node - linkType: hard - "minimatch@npm:^10.2.2": version: 10.2.2 resolution: "minimatch@npm:10.2.2" @@ -19848,12 +19839,12 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:^3.1.1": - version: 3.1.2 - resolution: "minimatch@npm:3.1.2" +"minimatch@npm:^3.1.3": + version: 3.1.5 + resolution: "minimatch@npm:3.1.5" dependencies: brace-expansion: "npm:^1.1.7" - checksum: 10c0/0262810a8fc2e72cca45d6fd86bd349eee435eb95ac6aa45c9ea2180e7ee875ef44c32b55b5973ceabe95ea12682f6e3725cbb63d7a2d1da3ae1163c8b210311 + checksum: 10c0/2ecbdc0d33f07bddb0315a8b5afbcb761307a8778b48f0b312418ccbced99f104a2d17d8aca7573433c70e8ccd1c56823a441897a45e384ea76ef401a26ace70 languageName: node linkType: hard