From cc6c39a99f6d12946b8837172ae9e5e4800cb135 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 12:25:13 +0000
Subject: [PATCH] fix: packages/cli/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-15268416
---
 packages/cli/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index 8b78b16900615b..02e46e9cdb50ba 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -34,11 +34,11 @@
     "@backstage/cli-common": "workspace:^",
     "@backstage/cli-node": "workspace:^",
     "@backstage/config": "workspace:^",
-    "@backstage/config-loader": "workspace:^",
+    "@backstage/config-loader": "0.1.1",
     "@backstage/errors": "workspace:^",
     "@backstage/eslint-plugin": "workspace:^",
     "@backstage/integration": "workspace:^",
-    "@backstage/release-manifests": "workspace:^",
+    "@backstage/release-manifests": "0.0.1",
     "@backstage/types": "workspace:^",
     "@esbuild-kit/cjs-loader": "^2.4.1",
     "@manypkg/get-packages": "^1.1.3",
@@ -90,7 +90,7 @@
     "eslint-plugin-react": "^7.28.0",
     "eslint-plugin-react-hooks": "^4.3.0",
     "eslint-webpack-plugin": "^3.1.1",
-    "express": "^4.17.1",
+    "express": "^4.22.0",
     "fork-ts-checker-webpack-plugin": "^7.0.0-alpha.8",
     "fs-extra": "10.1.0",
     "git-url-parse": "^13.0.0",