Skip to content

Backport security fixes to release/1.61.x #15644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 10, 2025
Merged

Backport security fixes to release/1.61.x #15644

merged 3 commits into from
Jun 10, 2025

Conversation

Torbjorn-Svensson
Copy link
Contributor

What it does

Backports:

How to test

I have just bumped the dependency and verified that the browser build starts using details described in the quickstart guide

Follow-ups

Breaking changes

  • This PR introduces breaking changes and requires careful review. If yes, the breaking changes section in the changelog has been updated.

Attribution

Review checklist

Reminder for reviewers

Contributed by STMicroelectronics

@Torbjorn-Svensson
deps: Bump tar-fs to 3.0.8 (eclipse-theia#15562)
ac1be54 
tar-fs 3.0.8 fixes CVE-2024-12905
(https://security.snyk.io/vuln/SNYK-JS-TARFS-9535930)

Contributed by STMicroelectronics

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
@Torbjorn-Svensson
deps: Bump dompurify to 3.2.4 (eclipse-theia#15564)
5debb96 
dompurify 3.2.4 fixes CVE-2025-26791
(https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-8722251)

Contributed by STMicroelectronics

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
@Torbjorn-Svensson
deps: Bump multer to 2.0.0 (eclipse-theia#15614)
1525fa5 
multer 2.0.0 fixes CVE-2025-47944
(https://nvd.nist.gov/vuln/detail/CVE-2025-47944)

Contributed by STMicroelectronics

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
@github-project-automation github-project-automation bot moved this to Waiting on reviewers in PR Backlog May 26, 2025
@rschnekenbu rschnekenbu mentioned this pull request May 26, 2025
Closed
9 tasks
@JonasHelming JonasHelming requested a review from rschnekenbu May 26, 2025 11:15
rschnekenbu
rschnekenbu approved these changes Jun 10, 2025
View reviewed changes
Copy link
Contributor

@rschnekenbu rschnekenbu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! did a smoke test on browser and electron sample app, with extension and file downloading, text editing, etc. All looks good! (and this was tested also on 1.62)

@github-project-automation github-project-automation bot moved this from Waiting on reviewers to Needs merge in PR Backlog Jun 10, 2025
@rschnekenbu rschnekenbu merged commit 7d4984d into eclipse-theia:release/1.61.x Jun 10, 2025
1 check passed
@github-project-automation github-project-automation bot moved this from Needs merge to Done in PR Backlog Jun 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rschnekenbu rschnekenbu rschnekenbu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
PR Backlog
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Torbjorn-Svensson @rschnekenbu