Skip to content

chore(deps): upgrade multiple dependencies for security and stability#1463

Open
olexii4 wants to merge 1 commit intomainfrom
upgrade_libs
Open

chore(deps): upgrade multiple dependencies for security and stability#1463
olexii4 wants to merge 1 commit intomainfrom
upgrade_libs

Conversation

@olexii4
Copy link
Contributor

@olexii4 olexii4 commented Feb 17, 2026

What does this PR do?

This PR updates multiple dependencies for security and stability:

  • eslint: 8.53.0 → 8.57.1 (latest 8.x with security updates)
  • webpack: 5.94.0 → 5.105.2 (includes HttpUriPlugin security fix)
  • fastify: 4.29.1 → 5.7.4 (major update, includes CVE-2026-25224 fix)
  • qs: 6.14.1 → 6.15.0 (security and bug fixes)
  • @isaacs/brace-expansion: 5.0.0 → 5.0.1 (transitive dependency)

Note: ESLint was updated to 8.57.1 instead of 9.x to avoid breaking configuration changes. ESLint 9 requires migrating to flat config format which would be a separate effort.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

Is it tested? How?

Release Notes

Docs PR

@che-bot
Copy link
Contributor

che-bot commented Feb 17, 2026

Click here to review and test in web IDE: Contribute

@olexii4 olexii4 force-pushed the upgrade_libs branch 3 times, most recently from 5c15968 to a2581e4 Compare February 17, 2026 19:14
@olexii4
chore(deps): upgrade multiple dependencies for security and stability
0d92404 
Updates:
- eslint: 8.53.0 → 8.57.1 (latest 8.x with security updates)
- webpack: 5.94.0 → 5.105.2 (includes HttpUriPlugin security fix)
- fastify: 4.29.1 → 5.7.4 (major update, includes CVE-2026-25224 fix)
- qs: 6.14.1 → 6.15.0 (security and bug fixes)
- @isaacs/brace-expansion: 5.0.0 → 5.0.1 (transitive dependency)

Assisted-by: Cursor AI
Signed-off-by: Oleksii Orel <oorel@redhat.com>
@github-actions
Copy link

github-actions bot commented Feb 18, 2026

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1463

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1463", name: che-dashboard}]}}]"

@olexii4
Copy link
Contributor Author

olexii4 commented Feb 18, 2026

/retest

This was referenced Feb 18, 2026
Closed
Closed
Closed
Closed
Closed
@github-actions
Copy link

github-actions bot commented Feb 18, 2026

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1463

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1463", name: che-dashboard}]}}]"

1 similar comment
@github-actions
Copy link

github-actions bot commented Feb 18, 2026

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1463

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1463", name: che-dashboard}]}}]"

@olexii4 olexii4 requested a review from svor February 18, 2026 15:04
@olexii4
Copy link
Contributor Author

olexii4 commented Feb 18, 2026

/retest

@github-actions
Copy link

github-actions bot commented Feb 18, 2026

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1463

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1463", name: che-dashboard}]}}]"

@openshift-ci
Copy link

openshift-ci bot commented Feb 18, 2026

@olexii4: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/v19-e2e-puppeteer 0d92404 link true /test v19-e2e-puppeteer

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

svor
svor approved these changes Feb 19, 2026
View reviewed changes
Copy link
Contributor

@svor svor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 19, 2026
@openshift-ci
Copy link

openshift-ci bot commented Feb 19, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: olexii4, svor

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@svor svor svor approved these changes

@akurinnoy akurinnoy Awaiting requested review from akurinnoy akurinnoy is a code owner

@ibuziuk ibuziuk Awaiting requested review from ibuziuk ibuziuk is a code owner

Assignees

@svor svor

Labels

lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@olexii4 @che-bot @svor

Comments