From 1789536a1ea6b93563fdeaca16eb203d6726354a Mon Sep 17 00:00:00 2001
From: prabhakar
Date: Fri, 24 Apr 2026 13:33:16 +0530
Subject: [PATCH] OCPBUGS-79448: immutable bump

Bump immutable from 3.8.2 to 3.8.3 to address prototype pollution vulnerability via mergeDeep, merge, toJS, toObject (CVE-2026-29063).
---
 web/package-lock.json | 8 ++++----
 web/package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/package-lock.json b/web/package-lock.json
index a9f76859a..fd074835c 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -30,7 +30,7 @@
 "fuzzysearch": "1.0.x",
 "i18next": "^21.8.14",
 "i18next-http-backend": "^2.2.0",
- "immutable": "3.x",
+ "immutable": "^3.8.3",
 "lodash-es": "^4.17.21",
 "murmurhash-js": "1.0.x",
 "react": "^17.0.1",
@@ -8761,9 +8761,9 @@
 }
 },
 "node_modules/immutable": {
- "version": "3.8.2",
- "resolved": "https://registry.npmjs.org/immutable/-/immutable-3.8.2.tgz",
- "integrity": "sha512-15gZoQ38eYjEjxkorfbcgBKBL6R7T459OuK+CpcWt7O3KF4uPCx2tD0uFETlUDIyo+1789crbMhTvQBSR5yBMg==",
+ "version": "3.8.3",
+ "resolved": "https://registry.npmjs.org/immutable/-/immutable-3.8.3.tgz",
+ "integrity": "sha512-AUY/VyX0E5XlibOmWt10uabJzam1zlYjwiEgQSDc5+UIkFNaF9WM0JxXKaNMGf+F/ffUF+7kRKXM9A7C0xXqMg==",
 "license": "MIT",
 "engines": {
 "node": ">=0.10.0"
diff --git a/web/package.json b/web/package.json
index cd5dddd31..533a323a6 100644
--- a/web/package.json
+++ b/web/package.json
@@ -60,7 +60,7 @@
 "fuzzysearch": "1.0.x",
 "i18next": "^21.8.14",
 "i18next-http-backend": "^2.2.0",
- "immutable": "3.x",
+ "immutable": "^3.8.3",
 "lodash-es": "^4.17.21",
 "murmurhash-js": "1.0.x",
 "react": "^17.0.1",