Legacy docs for Tenzir v5.x. For the latest Tenzir v6 series, visit docs.tenzir.com. Migrating from v5? Read the Tenzir v6 migration guide.

Upgrade dependencies to fix known vulnerabilities

Apr 21, 2026 · @lava

We upgraded frontend, backend, and CLI dependencies and bumped the tenzir-seaweed base image to address known vulnerabilities reported by our container scanner.

Notable dependency bumps:

  • drizzle-orm to 0.45.2 (CVE-2026-39356)
  • tar to 7.5.8 (CVE-2021-32803, CVE-2026-26960, CVE-2021-37712, CVE-2021-37713)
  • tar-fs to 3.0.7 (CVE-2024-12905)
  • ws to 8.17.1 (CVE-2024-37890)
  • elliptic to 6.5.7 (CVE-2024-42461, CVE-2020-13822, CVE-2024-48949)
  • cryptography to 46.0.7 (CVE-2026-39892)
  • rollup to 4.59.0 (CVE-2026-27606)
  • vite to 7.3.2 (CVE-2026-39363)
  • ajv to 8.18.0 (CVE-2025-69873)
  • defu to 6.1.5 (CVE-2026-35209)
  • picomatch to 4.0.4 (CVE-2026-33671)
  • http-cache-semantics to 4.1.1 (CVE-2022-25881)
  • glob to 11.1.0 (CVE-2025-64756)
  • glob-parent to 5.1.2 (CVE-2020-28469)
  • cipher-base to 1.0.5 (CVE-2025-9287)
  • trim-newlines to 4.0.1 (CVE-2021-33623)
  • y18n to 5.0.5 (CVE-2020-7774)
  • kind-of to 6.0.3 (CVE-2019-20149)
  • decode-uri-component to 0.2.1 (CVE-2022-38900)
  • minimist to 1.2.6 (CVE-2021-44906)
  • lodash to 4.18.1 (CVE-2020-8203, CVE-2026-4800)
  • minimatch to 3.0.5 (CVE-2022-3517)
  • ansi-regex to 6.0.1 (CVE-2021-3807)
  • semver to 7.7.1 (CVE-2022-25883)
  • normalize-url to 6.0.1 (CVE-2021-33502)
  • ini to 1.3.6 (CVE-2020-7788)

The tenzir-seaweed base image was bumped to 4.20 and Dockerfiles now run OS package upgrades, addressing CVE-2026-2673, CVE-2026-28388, CVE-2026-31790, CVE-2026-28390, CVE-2026-28389 (openssl), CVE-2026-40200 (musl), and CVE-2026-5201 (gdk-pixbuf).