From 5e6524954c81fd8c6f81bcf69804982eb97884aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Feb 2026 11:44:46 +0700 Subject: [PATCH 1/4] chore(deps): pin react-icons to 5.4.0 in /superset-frontend (#38144) Signed-off-by: dependabot[bot] Signed-off-by: hainenber Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: hainenber --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a1bdbdd92e93..4135741d9e65 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,6 +19,8 @@ updates: # remark-gfm v4+ requires react-markdown v9+, which needs React 18 - dependency-name: "remark-gfm" - dependency-name: "react-markdown" + # TODO: remove below entries until React >= 19.0.0 + - dependency-name: "react-icons" # JSDOM v30 doesn't play well with Jest v30 # Source: https://jestjs.io/blog#known-issues # GH thread: https://github.com/jsdom/jsdom/issues/3492 From 82fce8d7de8023044f326eaf87c531e957452b4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Feb 2026 11:45:06 +0700 Subject: [PATCH 2/4] chore(deps-dev): bump @types/node from 25.2.3 to 25.3.0 in /superset-frontend (#38143) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- superset-frontend/package-lock.json | 18 +++++++++--------- superset-frontend/package.json | 2 +- .../packages/superset-ui-core/package.json | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/superset-frontend/package-lock.json b/superset-frontend/package-lock.json index 511f15e2e297..186f34f222a9 100644 --- a/superset-frontend/package-lock.json +++ b/superset-frontend/package-lock.json @@ -202,7 +202,7 @@ "@types/js-levenshtein": "^1.1.3", "@types/json-bigint": "^1.0.4", "@types/mousetrap": "^1.6.15", - "@types/node": "^25.2.3", + "@types/node": "^25.3.0", "@types/react": "^17.0.83", "@types/react-dom": "^17.0.26", "@types/react-loadable": "^5.5.11", @@ -15271,12 +15271,12 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "25.2.3", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.3.tgz", - "integrity": "sha512-m0jEgYlYz+mDJZ2+F4v8D1AyQb+QzsNqRuI7xg1VQX/KlKS0qT9r1Mo16yo5F/MtifXFgaofIFsdFMox2SxIbQ==", + "version": "25.3.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.3.0.tgz", + "integrity": "sha512-4K3bqJpXpqfg2XKGK9bpDTc6xO/xoUP/RBWS7AtRMug6zZFaRekiLzjVtAoZMquxoAbzBvy5nxQ7veS5eYzf8A==", "license": "MIT", "dependencies": { - "undici-types": "~7.16.0" + "undici-types": "~7.18.0" } }, "node_modules/@types/normalize-package-data": { @@ -48771,9 +48771,9 @@ } }, "node_modules/undici-types": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", - "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", + "version": "7.18.2", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz", + "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==", "license": "MIT" }, "node_modules/unicode-canonical-property-names-ecmascript": { @@ -51907,7 +51907,7 @@ "@types/d3-time-format": "^4.0.3", "@types/jquery": "^3.5.33", "@types/lodash": "^4.17.23", - "@types/node": "^25.2.3", + "@types/node": "^25.3.0", "@types/prop-types": "^15.7.15", "@types/react-syntax-highlighter": "^15.5.13", "@types/react-table": "^7.7.20", diff --git a/superset-frontend/package.json b/superset-frontend/package.json index 17ddace909ea..114eb2d2f09e 100644 --- a/superset-frontend/package.json +++ b/superset-frontend/package.json @@ -283,7 +283,7 @@ "@types/js-levenshtein": "^1.1.3", "@types/json-bigint": "^1.0.4", "@types/mousetrap": "^1.6.15", - "@types/node": "^25.2.3", + "@types/node": "^25.3.0", "@types/react": "^17.0.83", "@types/react-dom": "^17.0.26", "@types/react-loadable": "^5.5.11", diff --git a/superset-frontend/packages/superset-ui-core/package.json b/superset-frontend/packages/superset-ui-core/package.json index a071775658b9..e73b0ec3af2a 100644 --- a/superset-frontend/packages/superset-ui-core/package.json +++ b/superset-frontend/packages/superset-ui-core/package.json @@ -78,7 +78,7 @@ "@types/react-syntax-highlighter": "^15.5.13", "@types/jquery": "^3.5.33", "@types/lodash": "^4.17.23", - "@types/node": "^25.2.3", + "@types/node": "^25.3.0", "@types/prop-types": "^15.7.15", "@types/rison": "0.1.0", "@types/seedrandom": "^3.0.8", From 5bee32ea93dd49b6079ea8edeef15479ebb6d263 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Feb 2026 11:45:40 +0700 Subject: [PATCH 3/4] chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 (#38138) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a1b436e3fae4..6b9c16b82f6a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -104,7 +104,7 @@ jobs: # Scan for vulnerabilities in built container image after pushes to mainline branch. - name: Run Trivy container image vulnerabity scan if: github.event_name == 'push' && github.ref == 'refs/heads/master' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'lean' - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1 with: image-ref: ${{ env.IMAGE_TAG }} format: 'sarif' From 6424194c87442496d96ea5990690c09703c9350e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Feb 2026 13:25:26 +0700 Subject: [PATCH 4/4] chore(deps): bump underscore from 1.13.7 to 1.13.8 in /superset-frontend (#38142) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- superset-frontend/package-lock.json | 9 ++++++++- .../plugins/legacy-preset-chart-deckgl/package.json | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/superset-frontend/package-lock.json b/superset-frontend/package-lock.json index 186f34f222a9..efd69ef0f024 100644 --- a/superset-frontend/package-lock.json +++ b/superset-frontend/package-lock.json @@ -48758,6 +48758,7 @@ "version": "1.13.7", "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz", "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==", + "dev": true, "license": "MIT" }, "node_modules/undici": { @@ -53284,7 +53285,7 @@ "mousetrap": "^1.6.5", "ngeohash": "^0.6.3", "prop-types": "^15.8.1", - "underscore": "^1.13.7", + "underscore": "^1.13.8", "urijs": "^1.19.11", "xss": "^1.0.15" }, @@ -53366,6 +53367,12 @@ "integrity": "sha512-lDB5YccMydFBtasVtxnZ3MRBHuaoE8GKsppq+EchKL2U4nK/DmEpPHNH8MZe5HkMtpSiTSOZwfN0tzYjO/lJEw==", "license": "ISC" }, + "plugins/legacy-preset-chart-deckgl/node_modules/underscore": { + "version": "1.13.8", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz", + "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==", + "license": "MIT" + }, "plugins/legacy-preset-chart-nvd3": { "name": "@superset-ui/legacy-preset-chart-nvd3", "version": "0.20.3", diff --git a/superset-frontend/plugins/legacy-preset-chart-deckgl/package.json b/superset-frontend/plugins/legacy-preset-chart-deckgl/package.json index c19dcb600d93..62eac12d75da 100644 --- a/superset-frontend/plugins/legacy-preset-chart-deckgl/package.json +++ b/superset-frontend/plugins/legacy-preset-chart-deckgl/package.json @@ -50,7 +50,7 @@ "mousetrap": "^1.6.5", "ngeohash": "^0.6.3", "prop-types": "^15.8.1", - "underscore": "^1.13.7", + "underscore": "^1.13.8", "urijs": "^1.19.11", "xss": "^1.0.15" },