Skip to content

chore: security dependency bumps#12245

Merged
mklos-kw merged 17 commits into
masterfrom
chore/bump-sec
May 6, 2026
Merged

chore: security dependency bumps#12245
mklos-kw merged 17 commits into
masterfrom
chore/bump-sec

Conversation

@mklos-kw

@mklos-kw mklos-kw commented Apr 22, 2026

Copy link
Copy Markdown
Member

Description

Related Issue

  • Fixes <issue_link>

Motivation and Context

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

@update-docs

update-docs Bot commented Apr 22, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@mklos-kw mklos-kw force-pushed the chore/bump-sec branch 2 times, most recently from 9766166 to 5037818 Compare April 23, 2026 17:01
@kobergj kobergj mentioned this pull request Apr 24, 2026
Merged
3 tasks
mklos-kw added 16 commits May 6, 2026 09:36
@mklos-kw
chore: bump follow-redirects to >=1.16.0
639f13e
@mklos-kw
chore: bump @xmldom/xmldom to >=0.8.12
eb4b4a1
@mklos-kw
chore: bump serialize-javascript to >=7.0.5
254b18a
@mklos-kw
chore: bump picomatch to 2.3.2 / 4.0.4
b8ad347
@mklos-kw
chore: bump flatted to >=3.4.2
81f0e1c
@mklos-kw
chore: bump undici to >=7.24.0
e3425cd
@mklos-kw
chore: bump svgo to >=4.0.1
2164ad4
@mklos-kw
chore: bump minimatch to 3.1.3 / 5.1.8
9c6a5e7
@mklos-kw
build(deps): bump i18next-http-backend in /services/idp
e27c9cc 
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend) from 2.7.3 to 3.0.5.
- [Changelog](https://github.com/i18next/i18next-http-backend/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next-http-backend@v2.7.3...v3.0.5)

---
updated-dependencies:
- dependency-name: i18next-http-backend
  dependency-version: 3.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump amd64/alpine from 3.23.3 to 3.23.4 in /ocis/docker
60c4497 
Bumps amd64/alpine from 3.23.3 to 3.23.4.

---
updated-dependencies:
- dependency-name: amd64/alpine
  dependency-version: 3.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump actions/setup-node from 6.3.0 to 6.4.0
d261d2c 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0
052676d 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v6.3.0...4a36011)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0
1676527 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump docker/build-push-action from 7.0.0 to 7.1.0
2e28fa2 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
8347429 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
chore: lock file regenerate
3025c6e
@mzner mzner self-requested a review May 6, 2026 12:37
@mklos-kw mklos-kw merged commit 61b1817 into master May 6, 2026
107 of 109 checks passed
@mklos-kw mklos-kw deleted the chore/bump-sec branch May 6, 2026 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kobergj kobergj kobergj approved these changes

@mzner mzner mzner approved these changes

@deyankiteworks deyankiteworks deyankiteworks approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mklos-kw @kobergj @mzner @deyankiteworks