Skip to content

chore: security dependency bumps#12245

Open
mklos-kw wants to merge 16 commits intomasterfrom
chore/bump-sec
Open

chore: security dependency bumps#12245
mklos-kw wants to merge 16 commits intomasterfrom
chore/bump-sec

Conversation

@mklos-kw
Copy link
Copy Markdown
Member

@mklos-kw mklos-kw commented Apr 22, 2026

Description

Related Issue

  • Fixes <issue_link>

Motivation and Context

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

@update-docs
Copy link
Copy Markdown

update-docs Bot commented Apr 22, 2026

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

mklos-kw added 16 commits April 23, 2026 19:01
@mklos-kw
chore: bump follow-redirects to >=1.16.0
f553649
@mklos-kw
chore: bump @xmldom/xmldom to >=0.8.12
089d763
@mklos-kw
chore: bump serialize-javascript to >=7.0.5
4e0d560
@mklos-kw
chore: bump picomatch to 2.3.2 / 4.0.4
20656f1
@mklos-kw
chore: bump flatted to >=3.4.2
f10fd65
@mklos-kw
chore: bump undici to >=7.24.0
9a0abce
@mklos-kw
chore: bump svgo to >=4.0.1
c86debb
@mklos-kw
chore: bump minimatch to 3.1.3 / 5.1.8
d159be3
@mklos-kw
build(deps): bump i18next-http-backend in /services/idp
ab8c31c 
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend) from 2.7.3 to 3.0.5.
- [Changelog](https://github.com/i18next/i18next-http-backend/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next-http-backend@v2.7.3...v3.0.5)

---
updated-dependencies:
- dependency-name: i18next-http-backend
  dependency-version: 3.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump amd64/alpine from 3.23.3 to 3.23.4 in /ocis/docker
c575671 
Bumps amd64/alpine from 3.23.3 to 3.23.4.

---
updated-dependencies:
- dependency-name: amd64/alpine
  dependency-version: 3.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump actions/setup-node from 6.3.0 to 6.4.0
82d5ec3 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0
616a871 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v6.3.0...4a36011)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0
da38d2a 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump docker/build-push-action from 7.0.0 to 7.1.0
ef6fb0e 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
1ef1a36 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mklos-kw
chore: lock file regenerate
5037818
@kobergj kobergj mentioned this pull request Apr 24, 2026
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mklos-kw