From 33a39e18a92cf3f2c9e922d806cf891462ac59b5 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 10:43:34 +0000
Subject: [PATCH 1/2] fix: plugins/catalog-graphql/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-QS-15268416
---
 plugins/catalog-graphql/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/catalog-graphql/package.json b/plugins/catalog-graphql/package.json
index 0b4bebc0f7c87f..1811ed13b9e51b 100644
--- a/plugins/catalog-graphql/package.json
+++ b/plugins/catalog-graphql/package.json
@@ -35,10 +35,10 @@
   },
   "dependencies": {
     "@apollo/client": "^3.0.0",
-    "@apollo/server": "^4.0.0",
-    "@backstage/catalog-model": "workspace:^",
+    "@apollo/server": "^5.4.0",
+    "@backstage/catalog-model": "0.1.1",
     "@backstage/config": "workspace:^",
-    "@backstage/types": "workspace:^",
+    "@backstage/types": "0.1.1",
     "graphql": "^16.0.0",
     "graphql-modules": "^2.0.0",
     "graphql-tag": "^2.11.0",

From f0ebc2c51231a35423496168977cba9b5d1a6af1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 16 Feb 2026 03:39:10 +0000
Subject: [PATCH 2/2] fix: plugins/catalog-graphql/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-QS-15268416