From 445767b7a97c2330f63f4d1f6bbfff9acf71f2f1 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Sat, 7 Feb 2026 06:20:19 +0000
Subject: [PATCH 1/2] fix: packages/cli/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235959
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235969
---
 packages/cli/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index 8b78b16900615b..b468f56b4e2ca1 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -34,11 +34,11 @@
     "@backstage/cli-common": "workspace:^",
     "@backstage/cli-node": "workspace:^",
     "@backstage/config": "workspace:^",
-    "@backstage/config-loader": "workspace:^",
+    "@backstage/config-loader": "0.1.1",
     "@backstage/errors": "workspace:^",
     "@backstage/eslint-plugin": "workspace:^",
     "@backstage/integration": "workspace:^",
-    "@backstage/release-manifests": "workspace:^",
+    "@backstage/release-manifests": "0.0.1",
     "@backstage/types": "workspace:^",
     "@esbuild-kit/cjs-loader": "^2.4.1",
     "@manypkg/get-packages": "^1.1.3",
@@ -130,7 +130,7 @@
     "tar": "^6.1.12",
     "terser-webpack-plugin": "^5.1.3",
     "util": "^0.12.3",
-    "webpack": "^5.70.0",
+    "webpack": "^5.104.1",
     "webpack-dev-server": "^4.7.3",
     "webpack-node-externals": "^3.0.0",
     "yaml": "^2.0.0",

From 99fe709a6be0357649ccb09d309bb054a74f844e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 10 Feb 2026 00:37:09 +0000
Subject: [PATCH 2/2] fix: packages/cli/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235959
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235969