update to newer backstage dependencies, to fix zod
vulnerability
#203
Labels
bump-backstage-core
Sync dependencies with latest backstage core version
zod
vulnerability
#203
Feature Suggestion
Hello from the Backstage maintainers! I'd like to give a nudge toward migrating the plugins to a newer version of the Backstage framework, if possible.
Possible Implementation
Migrate the plugins to depending on a newer Backstage version.
Context
backstage/backstage#21777
Old versions of the Backstage framework depended on a
zod
version range that has since gotten a security report, and there's no fix within that range. Newer Backstage versions do not pull in the vulnerable library. The only remaining dependency in the main Backstage repo that does pull in this library, happens to be the score-card plugin at this point.Thanks for all of your contributions!
The text was updated successfully, but these errors were encountered: