From ac76e5dacb3e124d9869f690d920b6457621c35a Mon Sep 17 00:00:00 2001
From: prabhakar
Date: Fri, 24 Apr 2026 13:36:59 +0530
Subject: [PATCH] OCPBUGS-79444: immutable bump

Bump immutable from 3.8.2 to 3.8.3 to address prototype pollution vulnerability via mergeDeep, merge, toJS, toObject (CVE-2026-29063).
---
 web/package-lock.json | 2 +-
 web/package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/package-lock.json b/web/package-lock.json
index cf9b42d6..86a8fb14 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -30,7 +30,7 @@
 "i18next": "^21.8.14",
 "i18next-http-backend": "^2.2.0",
 "i18next-parser": "^8.11.0",
- "immutable": "3.x",
+ "immutable": "^3.8.3",
 "lodash-es": "^4.17.21",
 "murmurhash-js": "1.0.x",
 "react": "^17.0.1",
diff --git a/web/package.json b/web/package.json
index 38854f70..22b7f0b8 100644
--- a/web/package.json
+++ b/web/package.json
@@ -46,7 +46,7 @@
 "i18next": "^21.8.14",
 "i18next-http-backend": "^2.2.0",
 "i18next-parser": "^8.11.0",
- "immutable": "3.x",
+ "immutable": "^3.8.3",
 "lodash-es": "^4.17.21",
 "murmurhash-js": "1.0.x",
 "react": "^17.0.1",
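Review bot: The `web/package-lock.json` hunk changes only the root dependency range (`"immutable": "^3.8.3"` in the block near line 30), and the diffstat shows a single changed line in that file, so the lockfile's resolved entry for immutable (its `version`, `resolved` and `integrity` fields) is not updated by this patch. If that entry still records 3.8.2, as the description's "from 3.8.2 to 3.8.3" suggests, the lock no longer satisfies `package.json`: `npm ci` is expected to reject the mismatch, and any build that installs strictly from the lock would keep the release affected by CVE-2026-29063. Regenerating the lock from `web/` (for example `npm install immutable@^3.8.3`) and committing the resulting resolved entry would make the fix effective. It is also worth confirming with `npm ls immutable` that no transitive dependency still pulls in an older 3.x copy, since the range change here only constrains the direct dependency.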