fix(deps): update build-tools and fix npm vulnerabilities #342

Merged: Hyperkid123 merged 1 commit into RedHatInsights:master from platex-rehor-bot:bot/RHCLOUD-48034 on Jun 8, 2026

@platex-rehor-bot platex-rehor-bot commented May 29, 2026

Contributor

Description

Update build-tools submodule and run npm audit fix to address vulnerability scan findings (33 total — 2 Critical, 16 High, 13 Medium, 2 Low).

Build-tools submodule update (a646e7b → 72c2bef):

  • Node UBI image 9.7 → 9.8 (fixes RPM CVEs: libarchive, libnghttp2, libcap)
  • caddy-ubi:latest floating tag pulls latest Go patches on rebuild (fixes Go stdlib, opentelemetry, pgx CVEs)
  • Go toolset updated to 1.25.9

npm audit fix: Resolved 13 non-breaking JS dependency vulnerabilities. Remaining 32 require semver-major bumps (out of scope for this ticket).

Supersedes Mintmaker PRs #339 and #341 (targeted older a96ba3d commit).

RHCLOUD-48034


Screenshots

N/A — infrastructure/dependency change only, no UI impact.


Checklist ☑️

  • PR only fixes one issue or story
  • Change reviewed for extraneous code
  • UI best practices adhered to
  • Commits squashed and meaningfully named
  • All PR checks pass locally (build, lint, test, E2E)

  • (Optional) QE: Needs QE attention (OUIA changed, perceived impact to tests, no test coverage)
  • (Optional) QE: Has been mentioned
  • (Optional) UX: Needs UX attention (end user UX modified, missing designs)
  • (Optional) UX: Has been mentioned

RHCLOUD-48034

Update insights-frontend-builder-common submodule from a646e7b to 72c2bef:
- Node UBI image 9.7 → 9.8 (fixes RPM CVEs: libarchive, libnghttp2, libcap)
- caddy-ubi:latest floating tag pulls latest Go patches on rebuild
- Go toolset updated to 1.25.9 (fixes stdlib CVEs)

Run npm audit fix to resolve 13 non-breaking JS dependency vulnerabilities.
Remaining 32 vulnerabilities require semver-major bumps (out of scope).

Supersedes Mintmaker PRs RedHatInsights#339 and RedHatInsights#341 (targeted older a96ba3d).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@platex-rehor-bot platex-rehor-bot requested a review from a team as a code owner May 29, 2026 17:28
@Hyperkid123 Hyperkid123 merged commit ebc0b42 into RedHatInsights:master Jun 8, 2026
10 checks passed
@platex-rehor-bot platex-rehor-bot deleted the bot/RHCLOUD-48034 branch June 8, 2026 11:30
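
The description above separates findings that `npm audit fix` resolves without breaking changes from those that need semver-major bumps. As an added example (not code from this PR or from the RedHatInsights project), the script below performs that split on `npm audit --json` output so the residual findings can be tracked per severity; the sample report, package names and function names are constructed for illustration.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// Package names and versions are invented for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-a": { severity: "critical", fixAvailable: true },
    "pkg-b": { severity: "high",
               fixAvailable: { name: "pkg-b", version: "5.0.0", isSemVerMajor: true } },
    "pkg-c": { severity: "moderate",
               fixAvailable: { name: "pkg-top", version: "2.3.1", isSemVerMajor: false } },
    "pkg-d": { severity: "low", fixAvailable: false },
    "pkg-e": { severity: "high",
               fixAvailable: { name: "pkg-b", version: "5.0.0", isSemVerMajor: true } },
  },
};

// fixAvailable is `true` (fixable within declared ranges by plain `npm audit fix`),
// `false` (no fix available), or an object naming the direct dependency that
// must move outside its declared range (`npm audit fix --force`).
function classifyFix(fix) {
  if (fix === true) return "auditFix";
  if (fix && typeof fix === "object") return fix.isSemVerMajor ? "semverMajor" : "outOfRange";
  return "noFix";
}

// Returns { bucket: { severity: [package names] } } so the findings left behind
// by a non-breaking-only pass can be reported per severity.
function triageAudit(report) {
  if (!report || report.auditReportVersion !== 2 || !report.vulnerabilities) {
    throw new Error("expected npm audit JSON with auditReportVersion 2");
  }
  const out = { auditFix: {}, outOfRange: {}, semverMajor: {}, noFix: {} };
  for (const [name, vuln] of Object.entries(report.vulnerabilities)) {
    const bucket = out[classifyFix(vuln.fixAvailable)];
    bucket[vuln.severity] = bucket[vuln.severity] || [];
    bucket[vuln.severity].push(name);
  }
  return out;
}

// Direct-dependency bumps that would clear the semver-major bucket, deduplicated:
// several findings often collapse into one upgrade.
function majorBumps(report) {
  const bumps = new Set();
  for (const vuln of Object.values(report.vulnerabilities)) {
    const fix = vuln.fixAvailable;
    if (fix && typeof fix === "object" && fix.isSemVerMajor) bumps.add(`${fix.name}@${fix.version}`);
  }
  return [...bumps].sort();
}
```

Pass it the parsed output of `npm audit --json`; the `semverMajor`, `outOfRange` and `noFix` buckets are what remains open after a plain `npm audit fix`.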