chore(ui): Upgrade dagre-d3-es version (#26422)

sh-shamsan · web-flow · commit f046e9f559b9 · 2025-10-27T10:52:34.000-07:00
## Description Upgrade the patch version of dagre-d3-es to the [latest release](tbo47/dagre-es#54) to address a critical vulnerability ([CVE-2025-57347](GHSA-cc8p-78qf-8p7q)) identified in recent security scans. ## Motivation and Context ## Impact N/A ## Test Plan Manual test ## Contributor checklist - [x] Please make sure your submission complies with our [contributing guide](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md), in particular [code style](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md#code-style) and [commit standards](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md#commit-standards). - [x] PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced. - [ ] Documented new properties (with its default value), SQL syntax, functions, or other functionality. - [ ] If release notes are required, they follow the [release notes guidelines](https://github.com/prestodb/presto/wiki/Release-Notes-Guidelines). - [ ] Adequate tests were added if applicable. - [ ] CI passed. - [ ] If adding new dependencies, verified they have an [OpenSSF Scorecard](https://securityscorecards.dev/#the-checks) score of 5.0 or higher (or obtained explicit TSC approval for lower scores). ## Release Notes Please follow [release notes guidelines](https://github.com/prestodb/presto/wiki/Release-Notes-Guidelines) and fill in the release notes below. ``` == RELEASE NOTES == General Changes * Upgrade dagre-d3-es to 7.0.13 in response to `CVE-2025-57347 <https://github.com/advisories/GHSA-cc8p-78qf-8p7q>`_.
diff --git a/presto-ui/src/package.json b/presto-ui/src/package.json
@@ -36,7 +36,7 @@
     "clsx": "^2.1.0",
     "copy-webpack-plugin": "^12.0.2",
     "d3": "^7.9.0",
-    "dagre-d3-es": "^7.0.10",
+    "dagre-d3-es": "7.0.13",
     "prismjs": "^1.30.0",
     "react": "18.3.1",
     "react-data-table-component": "^7.6.2",
@@ -62,4 +62,4 @@
   "resolutions": {
     "d3-color": "3.1.0"
   }
-}
+}
diff --git a/presto-ui/src/yarn.lock b/presto-ui/src/yarn.lock
@@ -2268,10 +2268,10 @@ d3@^7.9.0:
     d3-transition "3"
     d3-zoom "3"
 
-dagre-d3-es@^7.0.10:
-  version "7.0.11"
-  resolved "https://registry.yarnpkg.com/dagre-d3-es/-/dagre-d3-es-7.0.11.tgz#2237e726c0577bfe67d1a7cfd2265b9ab2c15c40"
-  integrity sha512-tvlJLyQf834SylNKax8Wkzco/1ias1OPw8DcUMDE7oUIoSEW25riQVuiu/0OWEFqT0cxHT3Pa9/D82Jr47IONw==
+dagre-d3-es@7.0.13:
+  version "7.0.13"
+  resolved "https://registry.yarnpkg.com/dagre-d3-es/-/dagre-d3-es-7.0.13.tgz#acfb4b449f6dcdd48d8ea8081a6d8c59bc8128c3"
+  integrity sha512-efEhnxpSuwpYOKRm/L5KbqoZmNNukHa/Flty4Wp62JRvgH2ojwVgPgdYyr4twpieZnyRDdIH7PY2mopX26+j2Q==
   dependencies:
     d3 "^7.9.0"
     lodash-es "^4.17.21"
