fix(deps): update kubernetes-client to fix CVE-2024-21534
kim-tsao committed Oct 30, 2024
1 parent ffe7a2a commit 4965141
Showing 9 changed files with 128 additions and 10 deletions.
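--- a/.changeset/quick-dryers-train.md
+++ b/.changeset/quick-dryers-train.md
@@ -0,0 +1,9 @@
+---
+"@janus-idp/backstage-scaffolder-backend-module-kubernetes": patch
+"@janus-idp/shared-react": patch
+"@janus-idp/backstage-plugin-ocm-backend": patch
+"@janus-idp/backstage-plugin-topology": patch
+"@janus-idp/backstage-plugin-tekton": patch
+---
+
+Fix CVE-2024-21534 by upgrading @kubernetes/client-node package to 0.22.1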
2 changes: 1 addition & 1 deletion plugins/kubernetes-actions/package.json
@@ -51,7 +51,7 @@
"@backstage/catalog-client": "^1.6.5",
"@backstage/catalog-model": "^1.5.0",
"@backstage/plugin-scaffolder-node": "^0.4.8",
"@kubernetes/client-node": "^0.20.0"
"@kubernetes/client-node": "^0.22.1"
},
"devDependencies": {
"@backstage/backend-common": "0.23.3",
6 changes: 3 additions & 3 deletions plugins/ocm-backend/package.json
@@ -35,8 +35,8 @@
"scripts": {
"build": "backstage-cli package build",
"clean": "backstage-cli package clean",
"export-dynamic": "janus-cli package export-dynamic-plugin --embed-package --embed-package @backstage/plugin-kubernetes-common --no-embed-as-dependencies",
"export-dynamic:clean": "janus-cli package export-dynamic-plugin --embed-package --embed-package @backstage/plugin-kubernetes-common --no-embed-as-dependencies --clean",
"export-dynamic": "janus-cli package export-dynamic-plugin --embed-package --no-embed-as-dependencies",
"export-dynamic:clean": "janus-cli package export-dynamic-plugin --embed-package --no-embed-as-dependencies --clean",
"lint:check": "backstage-cli package lint",
"lint:fix": "backstage-cli package lint --fix",
"postpack": "backstage-cli package postpack",
@@ -67,7 +67,7 @@
"@backstage/plugin-permission-common": "^0.8.0",
"@backstage/plugin-permission-node": "^0.8.0",
"@janus-idp/backstage-plugin-ocm-common": "3.3.0",
"@kubernetes/client-node": "^0.20.0",
"@kubernetes/client-node": "^0.22.1",
"express": "^4.18.2",
"express-promise-router": "^4.1.1",
"semver": "^7.5.4"
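Review bot: The rewritten `export-dynamic` and `export-dynamic:clean` scripts still carry a bare `--embed-package` with no package name, sitting directly in front of `--no-embed-as-dependencies`. The flag was already duplicated before this commit, but with the `@backstage/plugin-kubernetes-common` argument removed it is now the only embed flag left, and how janus-cli treats a value-less `--embed-package` is not visible on this page. If nothing is meant to be embedded any more, drop it, e.g. `"export-dynamic": "janus-cli package export-dynamic-plugin --no-embed-as-dependencies"` (same for the `:clean` variant); otherwise name the package explicitly so the contents of the exported bundle stay auditable.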
1 change: 1 addition & 0 deletions plugins/ocm-backend/src/constants.ts
@@ -1,2 +1,3 @@
export const CONSOLE_CLAIM = 'consoleurl.cluster.open-cluster-management.io';
export const HUB_CLUSTER_NAME_IN_OCM = 'local-cluster';
export const ANNOTATION_KUBERNETES_API_SERVER = 'kubernetes.io/api-server';
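Review bot: The new `ANNOTATION_KUBERNETES_API_SERVER` constant has no comment saying it is a local copy of the export that ManagedClusterProvider.ts previously imported from `@backstage/plugin-kubernetes-common`. Without that, a later upstream change to the annotation key would silently diverge from this literal. I would add `// Local copy of ANNOTATION_KUBERNETES_API_SERVER from @backstage/plugin-kubernetes-common; keep the value in sync with upstream.` above the line, and confirm the literal matches the upstream export, which this page does not show.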
7 changes: 5 additions & 2 deletions plugins/ocm-backend/src/providers/ManagedClusterProvider.ts
@@ -26,7 +26,6 @@ import {
EntityProvider,
EntityProviderConnection,
} from '@backstage/plugin-catalog-node';
import { ANNOTATION_KUBERNETES_API_SERVER } from '@backstage/plugin-kubernetes-common';

import { CustomObjectsApi } from '@kubernetes/client-node';

@@ -35,7 +34,11 @@ import {
ANNOTATION_PROVIDER_ID,
} from '@janus-idp/backstage-plugin-ocm-common';

import { CONSOLE_CLAIM, HUB_CLUSTER_NAME_IN_OCM } from '../constants';
import {
ANNOTATION_KUBERNETES_API_SERVER,
CONSOLE_CLAIM,
HUB_CLUSTER_NAME_IN_OCM,
} from '../constants';
import { readOcmConfigs } from '../helpers/config';
import {
getManagedCluster,
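Review bot: Switching `ANNOTATION_KUBERNETES_API_SERVER` to `../constants` removes the only visible import of `@backstage/plugin-kubernetes-common` in this file, but the ocm-backend package.json section accounts for all three of its changed lines without removing a dependency entry. If that package is still declared for the plugin, it is now possibly unused and may keep resolving an older `@kubernetes/client-node` transitively, which would leave the CVE-2024-21534 fix incomplete here. Since the yarn.lock diff is not rendered, it is worth confirming with `yarn why @kubernetes/client-node` that no 0.20.x copy remains, and dropping the declaration if nothing else in the plugin imports it. Both hunks are import-list excerpts; the rest of the file is outside the view.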
2 changes: 1 addition & 1 deletion plugins/shared-react/package.json
@@ -39,7 +39,7 @@
"@backstage/core-plugin-api": "^1.9.3",
"@backstage/plugin-kubernetes-common": "0.8.0",
"@backstage/plugin-kubernetes-react": "0.4.0",
"@kubernetes/client-node": "^0.20.0",
"@kubernetes/client-node": "^0.22.1",
"classnames": "^2.3.2",
"date-fns": "^2.30.0",
"file-saver": "^2.0.5",
2 changes: 1 addition & 1 deletion plugins/tekton/package.json
@@ -52,7 +52,7 @@
"@backstage/theme": "^0.5.6",
"@janus-idp/backstage-plugin-tekton-common": "1.0.0",
"@janus-idp/shared-react": "2.10.3",
"@kubernetes/client-node": "^0.20.0",
"@kubernetes/client-node": "^0.22.1",
"@material-ui/core": "^4.9.13",
"@material-ui/icons": "^4.11.3",
"@material-ui/lab": "^4.0.0-alpha.45",
2 changes: 1 addition & 1 deletion plugins/topology/package.json
@@ -49,7 +49,7 @@
"@backstage/theme": "^0.5.6",
"@janus-idp/backstage-plugin-topology-common": "1.3.0",
"@janus-idp/shared-react": "2.10.3",
"@kubernetes/client-node": "^0.20.0",
"@kubernetes/client-node": "^0.22.1",
"@material-ui/core": "^4.9.13",
"@material-ui/icons": "^4.11.3",
"@material-ui/lab": "^4.0.0-alpha.45",
107 changes: 106 additions & 1 deletion yarn.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
