Version Packages (cost-management)

[rhdh-bot]

Releases

@red-hat-developer-hub/plugin-cost-management@2.2.1

Patch Changes

• 558b7c3: fix: patch transitive dependency CVEs via yarn resolutions

  Pins vulnerable transitive dependencies to patched versions to address open Dependabot alerts:

• 815580b: fix: additional CVE patches and dependency updates for 2.2.1

  Covers the following changes merged after the initial CVE patch (558b7c3):

  • chore(deps): update rhdh cost management dependencies (patch) (chore(deps): update rhdh cost management dependencies (patch) #3000) — bumps
    @aws-sdk/core/fast-xml-parser to 4.5.6, request/form-data to 2.5.5,
    request/tough-cookie to 4.1.4, typeorm to 0.3.29, and file-type to 21.3.4
    via yarn resolutions

  • fix: resolve lodash CVEs via workspace resolution (fix(cost-management): resolve lodash CVEs via workspace resolution #3135) — pins lodash to 4.18.1
    to address GHSA-r5fr-rjxr-66jc (Code Injection via _.template, CVSS 8.1) and
    GHSA-f23m-r3pf-42rh (Prototype Pollution via _.unset/_.omit, CVSS 6.5)

  • fix: update lodash direct deps to 4.18.1 to close Dependabot alerts (fix(cost-management): update lodash direct deps to 4.18.1 #3142) —
    updates pinned lodash versions in individual plugin package.json files so
    Dependabot can detect the fix for GHSA-r5fr-rjxr-66jc and GHSA-f23m-r3pf-42rh

  • fix: CVE patches for casbin/minimatch and fast-xml-parser (Fix CVEs #3143) — adds
    casbin/minimatch resolution to 7.4.8 and bumps fast-xml-parser to 5.7.3

  • fix: upgrade @backstage-community/plugin-rbac-backend to ^7.12.4 (Upgrade Backstage Backend CVE #3161) —
    upgrades rbac-backend and rbac-common to address a Backstage backend CVE

  • chore(deps): update linkifyjs to v4.3.3 (Update RHDH Cost Management Dependencies (patch) #3155) — patch version bump

• Updated dependencies [558b7c3]

• Updated dependencies [815580b]

  • @red-hat-developer-hub/plugin-cost-management-common@2.2.1

@red-hat-developer-hub/plugin-cost-management-backend@2.2.1

Patch Changes

• 558b7c3: fix: patch transitive dependency CVEs via yarn resolutions

  Pins vulnerable transitive dependencies to patched versions to address open Dependabot alerts:

• 815580b: fix: additional CVE patches and dependency updates for 2.2.1

  Covers the following changes merged after the initial CVE patch (558b7c3):

  • chore(deps): update rhdh cost management dependencies (patch) (chore(deps): update rhdh cost management dependencies (patch) #3000) — bumps
    @aws-sdk/core/fast-xml-parser to 4.5.6, request/form-data to 2.5.5,
    request/tough-cookie to 4.1.4, typeorm to 0.3.29, and file-type to 21.3.4
    via yarn resolutions

  • fix: resolve lodash CVEs via workspace resolution (fix(cost-management): resolve lodash CVEs via workspace resolution #3135) — pins lodash to 4.18.1
    to address GHSA-r5fr-rjxr-66jc (Code Injection via _.template, CVSS 8.1) and
    GHSA-f23m-r3pf-42rh (Prototype Pollution via _.unset/_.omit, CVSS 6.5)

  • fix: update lodash direct deps to 4.18.1 to close Dependabot alerts (fix(cost-management): update lodash direct deps to 4.18.1 #3142) —
    updates pinned lodash versions in individual plugin package.json files so
    Dependabot can detect the fix for GHSA-r5fr-rjxr-66jc and GHSA-f23m-r3pf-42rh

  • fix: CVE patches for casbin/minimatch and fast-xml-parser (Fix CVEs #3143) — adds
    casbin/minimatch resolution to 7.4.8 and bumps fast-xml-parser to 5.7.3

  • fix: upgrade @backstage-community/plugin-rbac-backend to ^7.12.4 (Upgrade Backstage Backend CVE #3161) —
    upgrades rbac-backend and rbac-common to address a Backstage backend CVE

  • chore(deps): update linkifyjs to v4.3.3 (Update RHDH Cost Management Dependencies (patch) #3155) — patch version bump

• Updated dependencies [558b7c3]

• Updated dependencies [815580b]

  • @red-hat-developer-hub/plugin-cost-management-common@2.2.1

@red-hat-developer-hub/plugin-cost-management-common@2.2.1

Patch Changes

• 558b7c3: fix: patch transitive dependency CVEs via yarn resolutions

  Pins vulnerable transitive dependencies to patched versions to address open Dependabot alerts:

• 815580b: fix: additional CVE patches and dependency updates for 2.2.1

  Covers the following changes merged after the initial CVE patch (558b7c3):

  • chore(deps): update rhdh cost management dependencies (patch) (chore(deps): update rhdh cost management dependencies (patch) #3000) — bumps
    @aws-sdk/core/fast-xml-parser to 4.5.6, request/form-data to 2.5.5,
    request/tough-cookie to 4.1.4, typeorm to 0.3.29, and file-type to 21.3.4
    via yarn resolutions

  • fix: resolve lodash CVEs via workspace resolution (fix(cost-management): resolve lodash CVEs via workspace resolution #3135) — pins lodash to 4.18.1
    to address GHSA-r5fr-rjxr-66jc (Code Injection via _.template, CVSS 8.1) and
    GHSA-f23m-r3pf-42rh (Prototype Pollution via _.unset/_.omit, CVSS 6.5)

  • fix: update lodash direct deps to 4.18.1 to close Dependabot alerts (fix(cost-management): update lodash direct deps to 4.18.1 #3142) —
    updates pinned lodash versions in individual plugin package.json files so
    Dependabot can detect the fix for GHSA-r5fr-rjxr-66jc and GHSA-f23m-r3pf-42rh

  • fix: CVE patches for casbin/minimatch and fast-xml-parser (Fix CVEs #3143) — adds
    casbin/minimatch resolution to 7.4.8 and bumps fast-xml-parser to 5.7.3

  • fix: upgrade @backstage-community/plugin-rbac-backend to ^7.12.4 (Upgrade Backstage Backend CVE #3161) —
    upgrades rbac-backend and rbac-common to address a Backstage backend CVE

  • chore(deps): update linkifyjs to v4.3.3 (Update RHDH Cost Management Dependencies (patch) #3155) — patch version bump

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.97%. Comparing base (558b7c3) to head (e74d081).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3134   +/-   ##
=======================================
  Coverage   60.97%   60.97%           
=======================================
  Files        2081     2081           
  Lines       64283    64283           
  Branches    16680    16680           
=======================================
  Hits        39196    39196           
  Misses      24880    24880           
  Partials      207      207           

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.58% <ø> (ø)		Carriedforward from 558b7c3
ai-integrations	70.03% <ø> (ø)		Carriedforward from 558b7c3
app-defaults	69.60% <ø> (ø)		Carriedforward from 558b7c3
augment	69.36% <ø> (ø)		Carriedforward from 558b7c3
bulk-import	72.45% <ø> (ø)		Carriedforward from 558b7c3
cost-management	16.49% <ø> (ø)
dcm	32.85% <ø> (ø)		Carriedforward from 558b7c3
extensions	61.79% <ø> (ø)		Carriedforward from 558b7c3
global-floating-action-button	73.75% <ø> (ø)		Carriedforward from 558b7c3
global-header	61.68% <ø> (ø)		Carriedforward from 558b7c3
homepage	50.84% <ø> (ø)		Carriedforward from 558b7c3
konflux	91.01% <ø> (ø)		Carriedforward from 558b7c3
lightspeed	68.66% <ø> (ø)		Carriedforward from 558b7c3
mcp-integrations	81.59% <ø> (ø)		Carriedforward from 558b7c3
orchestrator	35.14% <ø> (ø)		Carriedforward from 558b7c3
quickstart	62.64% <ø> (ø)		Carriedforward from 558b7c3
sandbox	79.56% <ø> (ø)		Carriedforward from 558b7c3
scorecard	83.82% <ø> (ø)		Carriedforward from 558b7c3
theme	64.54% <ø> (ø)		Carriedforward from 558b7c3
translations	8.49% <ø> (ø)		Carriedforward from 558b7c3
x2a	82.24% <ø> (ø)		Carriedforward from 558b7c3

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 558b7c3...e74d081. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[PreetiW]

Holding this to consolidate with #3109, #3110, #3082, and #3000 into a single 2.2.1 release. Will re-approve once the other PRs are merged.

[PreetiW]

/rebase

[PreetiW]

/rebase

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud