diff --git a/.changeset/quick-dryers-train.md b/.changeset/quick-dryers-train.md
new file mode 100644
index 0000000000..e9fbc0cdf0
--- /dev/null
+++ b/.changeset/quick-dryers-train.md
@@ -0,0 +1,9 @@
+---
+"@janus-idp/backstage-scaffolder-backend-module-kubernetes": patch
+"@janus-idp/shared-react": patch
+"@janus-idp/backstage-plugin-ocm-backend": patch
+"@janus-idp/backstage-plugin-topology": patch
+"@janus-idp/backstage-plugin-tekton": patch
+---
+
+Fix CVE-2024-21534 by upgrading @kubernetes/client-node package to 0.22.1
diff --git a/plugins/kubernetes-actions/package.json b/plugins/kubernetes-actions/package.json
index 294ab2d9d5..714b7f0842 100644
--- a/plugins/kubernetes-actions/package.json
+++ b/plugins/kubernetes-actions/package.json
@@ -51,7 +51,7 @@
 "@backstage/catalog-client": "^1.6.5",
 "@backstage/catalog-model": "^1.5.0",
 "@backstage/plugin-scaffolder-node": "^0.4.8",
- "@kubernetes/client-node": "^0.20.0"
+ "@kubernetes/client-node": "^0.22.1"
 },
 "devDependencies": {
 "@backstage/backend-common": "0.23.3",
diff --git a/plugins/ocm-backend/package.json b/plugins/ocm-backend/package.json
index d9be29ffc8..319ea52010 100644
--- a/plugins/ocm-backend/package.json
+++ b/plugins/ocm-backend/package.json
@@ -35,8 +35,8 @@
 "scripts": {
 "build": "backstage-cli package build",
 "clean": "backstage-cli package clean",
- "export-dynamic": "janus-cli package export-dynamic-plugin --embed-package --embed-package @backstage/plugin-kubernetes-common --no-embed-as-dependencies",
- "export-dynamic:clean": "janus-cli package export-dynamic-plugin --embed-package --embed-package @backstage/plugin-kubernetes-common --no-embed-as-dependencies --clean",
+ "export-dynamic": "janus-cli package export-dynamic-plugin --embed-package --no-embed-as-dependencies",
+ "export-dynamic:clean": "janus-cli package export-dynamic-plugin --embed-package --no-embed-as-dependencies --clean",
 "lint:check": "backstage-cli package lint",
 "lint:fix": "backstage-cli package lint --fix",
 "postpack": "backstage-cli package postpack",
@@ -67,7 +67,7 @@
 "@backstage/plugin-permission-common": "^0.8.0",
 "@backstage/plugin-permission-node": "^0.8.0",
 "@janus-idp/backstage-plugin-ocm-common": "3.3.0",
- "@kubernetes/client-node": "^0.20.0",
+ "@kubernetes/client-node": "^0.22.1",
 "express": "^4.18.2",
 "express-promise-router": "^4.1.1",
 "semver": "^7.5.4"
diff --git a/plugins/ocm-backend/src/constants.ts b/plugins/ocm-backend/src/constants.ts
index 7f6eb22f36..0f5e9c982b 100644
--- a/plugins/ocm-backend/src/constants.ts
+++ b/plugins/ocm-backend/src/constants.ts
@@ -1,2 +1,3 @@
 export const CONSOLE_CLAIM = 'consoleurl.cluster.open-cluster-management.io';
 export const HUB_CLUSTER_NAME_IN_OCM = 'local-cluster';
+export const ANNOTATION_KUBERNETES_API_SERVER = 'kubernetes.io/api-server';
diff --git a/plugins/ocm-backend/src/providers/ManagedClusterProvider.ts b/plugins/ocm-backend/src/providers/ManagedClusterProvider.ts
index 83429bf02c..454cb7dede 100644
--- a/plugins/ocm-backend/src/providers/ManagedClusterProvider.ts
+++ b/plugins/ocm-backend/src/providers/ManagedClusterProvider.ts
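Review bot: Both rewritten scripts in the first ocm-backend/package.json hunk keep a bare `--embed-package` directly in front of `--no-embed-as-dependencies`, so the option is now left without a package name. How janus-cli treats a valueless `--embed-package` is not visible here; if nothing is meant to be embedded any more, the flag should probably be dropped, e.g. `"export-dynamic": "janus-cli package export-dynamic-plugin --no-embed-as-dependencies"` and the same for `export-dynamic:clean`, and the export should be run once to confirm the bundle contents. It is also worth checking that `@backstage/plugin-kubernetes-common` is no longer listed under this package's `dependencies` (outside the hunk), because it would presumably keep resolving its own `@kubernetes/client-node` range regardless of the bump made here.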
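Review bot: The added `ANNOTATION_KUBERNETES_API_SERVER` line in constants.ts carries no comment saying it is a local copy of the constant that ManagedClusterProvider.ts used to import from `@backstage/plugin-kubernetes-common`. The string is an annotation key that other Backstage code reads, so a silent divergence from the upstream value would break the lookup without any compile error. I would add `// Copy of ANNOTATION_KUBERNETES_API_SERVER from @backstage/plugin-kubernetes-common; keep the value identical to upstream.` above the export, so the next maintainer knows why it is duplicated and what it must match.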
@@ -26,7 +26,6 @@ import { EntityProvider, EntityProviderConnection, } from '@backstage/plugin-catalog-node'; -import { ANNOTATION_KUBERNETES_API_SERVER } from '@backstage/plugin-kubernetes-common'; import { CustomObjectsApi } from '@kubernetes/client-node'; @@ -35,7 +34,11 @@ import { ANNOTATION_PROVIDER_ID, } from '@janus-idp/backstage-plugin-ocm-common'; -import { CONSOLE_CLAIM, HUB_CLUSTER_NAME_IN_OCM } from '../constants'; +import { + ANNOTATION_KUBERNETES_API_SERVER, + CONSOLE_CLAIM, + HUB_CLUSTER_NAME_IN_OCM, +} from '../constants'; import { readOcmConfigs } from '../helpers/config'; import { getManagedCluster, diff --git a/plugins/shared-react/package.json b/plugins/shared-react/package.json index d69dd3e468..7702e6564c 100644 --- a/plugins/shared-react/package.json +++ b/plugins/shared-react/package.json @@ -39,7 +39,7 @@ "@backstage/core-plugin-api": "^1.9.3", "@backstage/plugin-kubernetes-common": "0.8.0", "@backstage/plugin-kubernetes-react": "0.4.0", - "@kubernetes/client-node": "^0.20.0", + "@kubernetes/client-node": "^0.22.1", "classnames": "^2.3.2", "date-fns": "^2.30.0", "file-saver": "^2.0.5", diff --git a/plugins/tekton/package.json b/plugins/tekton/package.json index bdf01517f2..49e3b9e944 100644 --- a/plugins/tekton/package.json +++ b/plugins/tekton/package.json @@ -52,7 +52,7 @@ "@backstage/theme": "^0.5.6", "@janus-idp/backstage-plugin-tekton-common": "1.0.0", "@janus-idp/shared-react": "2.10.3", - "@kubernetes/client-node": "^0.20.0", + "@kubernetes/client-node": "^0.22.1", "@material-ui/core": "^4.9.13", "@material-ui/icons": "^4.11.3", "@material-ui/lab": "^4.0.0-alpha.45", diff --git a/plugins/topology/package.json b/plugins/topology/package.json index 14baf44490..ab3612a929 100644 --- a/plugins/topology/package.json +++ b/plugins/topology/package.json 
@@ -49,7 +49,7 @@ "@backstage/theme": "^0.5.6", "@janus-idp/backstage-plugin-topology-common": "1.3.0", "@janus-idp/shared-react": "2.10.3", - "@kubernetes/client-node": "^0.20.0", + "@kubernetes/client-node": "^0.22.1", "@material-ui/core": "^4.9.13", "@material-ui/icons": "^4.11.3", "@material-ui/lab": "^4.0.0-alpha.45", diff --git a/yarn.lock b/yarn.lock index 99f9196646..adf91cc850 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6400,6 +6400,13 @@ wrap-ansi "^8.1.0" wrap-ansi-cjs "npm:wrap-ansi@^7.0.0" +"@isaacs/fs-minipass@^4.0.0": + version "4.0.1" + resolved "https://registry.yarnpkg.com/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz#2d59ae3ab4b38fb4270bfa23d30f8e2e86c7fe32" + integrity sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w== + dependencies: + minipass "^7.0.4" + "@istanbuljs/load-nyc-config@^1.0.0": version "1.1.0" resolved "https://registry.yarnpkg.com/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz#fd3db1d59ecf7cf121e80650bb86712f9b55eced" @@ -6684,7 +6691,12 @@ resolved "https://registry.yarnpkg.com/@jsdevtools/ono/-/ono-7.1.3.tgz#9df03bbd7c696a5c58885c34aa06da41c8543796" integrity sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg== -"@jsep-plugin/regex@^1.0.1": +"@jsep-plugin/assignment@^1.2.1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@jsep-plugin/assignment/-/assignment-1.2.1.tgz#07277bdd7862451a865d391e2142efba33f46c9b" + integrity sha512-gaHqbubTi29aZpVbBlECRpmdia+L5/lh2BwtIJTmtxdbecEyyX/ejAOg7eQDGNvGOUmPY7Z2Yxdy9ioyH/VJeA== + +"@jsep-plugin/regex@^1.0.1", "@jsep-plugin/regex@^1.0.3": version "1.0.3" resolved "https://registry.yarnpkg.com/@jsep-plugin/regex/-/regex-1.0.3.tgz#3aeaa2e5fa45d89de116aeafbfa41c95935b7f6d" integrity sha512-XfZgry4DwEZvSFtS/6Y+R48D7qJYJK6R9/yJFyUFHCIUMEEHuJ4X95TDgJp5QkmzfLYvapMPzskV5HpIDrREug== 
@@ -7132,6 +7144,28 @@ optionalDependencies: openid-client "^5.3.0" +"@kubernetes/client-node@^0.22.1": + version "0.22.1" + resolved "https://registry.yarnpkg.com/@kubernetes/client-node/-/client-node-0.22.1.tgz#b5a1a9a3e946c873a5f2a4c5daf989667cdfb9a7" + integrity sha512-bNz2uoxJTA/m10h2TsM5e021I9OndpxYYj5hGdHnrmhA+Dk56ohhbbvnJz7TADTEgyBHQ6NAT0QrILypbdFusQ== + dependencies: + "@types/js-yaml" "^4.0.1" + "@types/node" "^22.0.0" + "@types/request" "^2.47.1" + "@types/ws" "^8.5.3" + byline "^5.0.0" + isomorphic-ws "^5.0.0" + js-yaml "^4.1.0" + jsonpath-plus "^10.0.0" + request "^2.88.0" + rfc4648 "^1.3.0" + stream-buffers "^3.0.2" + tar "^7.0.0" + tslib "^2.4.1" + ws "^8.18.0" + optionalDependencies: + openid-client "^5.3.0" + "@leichtgewicht/ip-codec@^2.0.1": version "2.0.5" resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz#4fc56c15c580b9adb7dc3c333a134e540b44bfb1" @@ -13782,6 +13816,13 @@ dependencies: undici-types "~5.26.4" +"@types/node@^22.0.0": + version "22.8.4" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.8.4.tgz#ab754f7ac52e1fe74174f761c5b03acaf06da0dc" + integrity sha512-SpNNxkftTJOPk0oN+y2bIqurEXHTA2AOZ3EJDDKeJ5VzkvvORSvmQXGQarcOzWV1ac7DCaPBEdMDxBsM+d8jWw== + dependencies: + undici-types "~6.19.8" + "@types/nodemailer@6.4.15": version "6.4.15" resolved "https://registry.yarnpkg.com/@types/nodemailer/-/nodemailer-6.4.15.tgz#494be695e11c438f7f5df738fb4ab740312a6ed2" 
@@ -16385,6 +16426,11 @@ chownr@^2.0.0: resolved "https://registry.yarnpkg.com/chownr/-/chownr-2.0.0.tgz#15bfbe53d2eab4cf70f18a8cd68ebe5b3cb1dece" integrity sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ== +chownr@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/chownr/-/chownr-3.0.0.tgz#9855e64ecd240a9cc4267ce8a4aa5d24a1da15e4" + integrity sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g== + chrome-trace-event@^1.0.2: version "1.0.3" resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz#1015eced4741e15d06664a957dbbf50d041e26ac" @@ -23321,6 +23367,11 @@ jsep@^1.1.2, jsep@^1.2.0: resolved "https://registry.yarnpkg.com/jsep/-/jsep-1.3.8.tgz#facb6eb908d085d71d950bd2b24b757c7b8a46d7" integrity sha512-qofGylTGgYj9gZFsHuyWAN4jr35eJ66qJCK4eKDnldohuUoQFbU3iZn2zjvEbd9wOAhP9Wx5DsAAduTyE1PSWQ== +jsep@^1.3.9: + version "1.3.9" + resolved "https://registry.yarnpkg.com/jsep/-/jsep-1.3.9.tgz#8ce42df80ee9c1b39e52d0dd062a465342f35440" + integrity sha512-i1rBX5N7VPl0eYb6+mHNp52sEuaS2Wi8CDYx1X5sn9naevL78+265XJqy1qENEk7mRKwS06NHpUqiBwR7qeodw== + jsesc@^2.5.1: version "2.5.2" resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4" 
@@ -23478,6 +23529,15 @@ jsonpath-plus@7.1.0: resolved "https://registry.yarnpkg.com/jsonpath-plus/-/jsonpath-plus-7.1.0.tgz#9ac63c3d32a4d91ada68d57e056cb7983e73290a" integrity sha512-gTaNRsPWO/K2KY6MrqaUFClF9kmuM6MFH5Dhg1VYDODgFbByw1yb7xu3hrViE/sz+dGOeMWgCzwUwQtAnCTE9g== +jsonpath-plus@^10.0.0: + version "10.1.0" + resolved "https://registry.yarnpkg.com/jsonpath-plus/-/jsonpath-plus-10.1.0.tgz#e8724c721ac60ff2db667066131b1a2c992ffcf0" + integrity sha512-gHfV1IYqH8uJHYVTs8BJX1XKy2/rR93+f8QQi0xhx95aCiXn1ettYAd5T+7FU6wfqyDoX/wy0pm/fL3jOKJ9Lg== + dependencies: + "@jsep-plugin/assignment" "^1.2.1" + "@jsep-plugin/regex" "^1.0.3" + jsep "^1.3.9" + jsonpath-plus@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/jsonpath-plus/-/jsonpath-plus-6.0.1.tgz#9a3e16cedadfab07a3d8dc4e8cd5df4ed8f49c4d" @@ -25542,6 +25602,11 @@ minipass@^5.0.0: resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.1.tgz#f7f85aff59aa22f110b20e27692465cf3bf89481" integrity sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA== +minipass@^7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" + integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== + minizlib@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931" 
@@ -25550,6 +25615,14 @@ minizlib@^2.1.1: minipass "^3.0.0" yallist "^4.0.0" +minizlib@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-3.0.1.tgz#46d5329d1eb3c83924eff1d3b858ca0a31581012" + integrity sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg== + dependencies: + minipass "^7.0.4" + rimraf "^5.0.5" + mixin-deep@^1.2.0: version "1.3.2" resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566" @@ -25580,6 +25653,11 @@ mkdirp@^2.1.3: resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-2.1.6.tgz#964fbcb12b2d8c5d6fbc62a963ac95a273e2cc19" integrity sha512-+hEnITedc8LAtIP9u3HJDFIdcLV2vXP33sqLLIzkv1Db1zO/1OxbvYf0Y1OC/S/Qo5dxHXepofhmxL02PsKe+A== +mkdirp@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-3.0.1.tgz#e44e4c5607fb279c168241713cc6e0fea9adcb50" + integrity sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg== + mlly@^1.6.1, mlly@^1.7.0: version "1.7.0" resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.7.0.tgz#587383ae40dda23cadb11c3c3cc972b277724271" @@ -31184,6 +31262,18 @@ tar@^6.1.11, tar@^6.1.12, tar@^6.2.0: mkdirp "^1.0.3" yallist "^4.0.0" +tar@^7.0.0: + version "7.4.3" + resolved "https://registry.yarnpkg.com/tar/-/tar-7.4.3.tgz#88bbe9286a3fcd900e94592cda7a22b192e80571" + integrity sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw== + dependencies: + "@isaacs/fs-minipass" "^4.0.0" + chownr "^3.0.0" + minipass "^7.1.2" + minizlib "^3.0.1" + mkdirp "^3.0.1" + yallist "^5.0.0" + tarn@^3.0.2: version "3.0.2" resolved "https://registry.yarnpkg.com/tarn/-/tarn-3.0.2.tgz#73b6140fbb881b71559c4f8bfde3d9a4b3d27693" 
@@ -32127,6 +32217,11 @@ undici-types@~5.26.4: resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici-types@~6.19.8: + version "6.19.8" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.19.8.tgz#35111c9d1437ab83a7cdc0abae2f26d88eda0a02" + integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw== + unfetch@^3.1.1: version "3.1.2" resolved "https://registry.yarnpkg.com/unfetch/-/unfetch-3.1.2.tgz#dc271ef77a2800768f7b459673c5604b5101ef77" @@ -33611,6 +33706,11 @@ ws@^8.11.0, ws@^8.12.0, ws@^8.13.0, ws@^8.15.0, ws@^8.16.0, ws@^8.2.3: resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b" integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ== +ws@^8.18.0: + version "8.18.0" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc" + integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw== + xcase@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/xcase/-/xcase-2.0.1.tgz#c7fa72caa0f440db78fd5673432038ac984450b9" 
@@ -33740,6 +33840,11 @@ yallist@^4.0.0: resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72" integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== +yallist@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/yallist/-/yallist-5.0.0.tgz#00e2de443639ed0d78fd87de0d27469fbcffb533" + integrity sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw== + yaml-language-server-parser@^0.1.3: version "0.1.3" resolved "https://registry.yarnpkg.com/yaml-language-server-parser/-/yaml-language-server-parser-0.1.3.tgz#f0e9082068291c7c330eefa1f3c9f1b4c3c54183"