Skip to content

Update platform security modules (main) #232111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Aug 27, 2025
Merged

Update platform security modules (main) #232111

merged 8 commits into from
Aug 27, 2025

Conversation

elastic-renovate-prod[bot]
Copy link
Contributor

@elastic-renovate-prod elastic-renovate-prod bot commented Aug 18, 2025
edited by kibanamachine
Loading

This PR contains the following updates:

Package Type Update Change
@types/lodash (source) devDependencies patch ^4.17.16 -> ^4.17.20
@types/node-forge (source) devDependencies patch ^1.3.11 -> ^1.3.13
dependency-cruiser devDependencies major ^16.10.0 -> ^17.0.1
js-sha256 dependencies patch ^0.11.0 -> ^0.11.1
xml-crypto devDependencies minor ^6.0.1 -> ^6.1.2

Release Notes

sverweij/dependency-cruiser (dependency-cruiser)

v17.0.1

Compare Source

🐛 fixes

  • 2f31ab0 fix(types): enable IDE autocompletion for OutputType candidates (#​1005) (thanks @​sushichan044 for the pull request!)
  • 4dbfa19 chore(types): removes now unused lint warning + associated comment

📖 documentation

  • 7f3e5fc doc(cli): adds more references to the options, corrects typos

👷 maintenance

  • d339300 refactor(report): replaces teamcity-service-messages with local functions (#​1008)
  • 990d139 chore(npm): updates external devDependencies

v17.0.0

Compare Source

🚨 breaking

... so still supported are node ^20(.12), ^22 and >=24 and this will remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year and 7 months. However, dropping node versions is inevitable as dependencies we use did this as well, and we want to keep up to date for obvious reasons. We also believe that most of dependency-cruiser's users have migrated away from node 18 (21, 23) a long time ago, given the release dates of their successors (april 2023, 2024 and 2025 respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

🧑‍🏭 maintenance

  • 684e123 refactor!: replaces picocolors with native node:util/styleText (#​1002)

♻️ life cycle management

v16.10.4

Compare Source

🐛 fixes

  • 06b548a fix(enrich): enables ignoring reachability (, instability) validations as well (#​999)
    thanks @​hugotiger for raising the issue, reproduction repo and testing the beta('s) with the fix!

👷 maintenance

  • 06b548a (same commit as the fix) - updates 3rd party dependencies a.o. acorn-loose and acorn thanks @​brocef for alerting there's an issue in acorn-loose that's fixed after bumping to latest.
  • 66f1e32 fix(ci): fixes code scanning alerts on github actions (#​1000)

🧹 chores

  • 581596a chore: lets prettier target .mjs as well
  • 62e8fc6 chore(npm): recreates package-lock

v16.10.3

Compare Source

📖 documentation

  • 48a9e2a doc(real-world-samples): updates commander.js example picture (thanks @​cristiano-belloni for noticing the previous graph displayed commander's internals as they were 10 years ago)

👷 maintenance

  • 9db465e/ 35e1f9c/ d3e38d1 build(npm): updates external dependencies
  • 13616e4 chore: adds instructions for copilot
  • 6aa6e82 refactor(cli): replaces commander with node:util/parseArgs - depcruise-fmt (#​995)
  • d5bf4bd refactor(cli): replaces commander with node:util/parseArgs - depcruise-baseline (#​994)

v16.10.2

Compare Source

🐛 fixes

  • 4fc3732 fix: adds support for node v24 (#​993) - thanks to @​7rulnik for the PR so quick after the official node 24 release!

👷 maintenance and chores

  • 4bc31b1 build(npm): updates external dependencies
  • 6ad4f12 chore(ci): configures CodeQL for GitHub actions (#​992)
  • 699f19e chore: adds 7rulnik to contributors in package manifest

v16.10.1

Compare Source

🐛 fixes

  • 42ea09b fix(enrich/derive): makes reachable calculation faster (#​990) - thanks to @​neelance for the improvement suggestion as well as the patch the PR was built on!

👷 maintenance

  • 4b75ec0 build(npm): updates external dependencies
node-saml/xml-crypto (xml-crypto)

v6.1.2

Compare Source

  • Remove all reference XML data if any are corrupted (#​502) (cac1c8d)

v6.1.1

Compare Source

  • Adjust deprecation to better reflect real-world usage (#​499) (ab1c69e)

v6.1.0

Compare Source

  • Introduce new .getSignedReferences() function of signature to help prevent signature wrapping attacks (#​489) (badaf20)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod bot added backport:all-open Backport to all branches that could still receive a release release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// labels Aug 18, 2025
@elastic-renovate-prod elastic-renovate-prod bot requested a review from a team August 18, 2025 15:02
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@kibanamachine
[CI] Auto-commit changed files from 'node scripts/yarn_deduplicate.js…
9f92977 
… && yarn kbn bootstrap && node scripts/yarn_deduplicate.js'
@elastic-renovate-prod
Copy link
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@legrego legrego requested a review from a team as a code owner August 18, 2025 16:49
@legrego
Copy link
Member

legrego commented Aug 18, 2025

/ci

@legrego legrego added backport:prev-minor and removed backport:all-open Backport to all branches that could still receive a release labels Aug 18, 2025
@legrego legrego requested a review from a team as a code owner August 18, 2025 17:25
@legrego
Copy link
Member

legrego commented Aug 18, 2025

/ci

@legrego
Copy link
Member

legrego commented Aug 19, 2025

/ci

@janmonschke
Copy link
Contributor

@legrego I'm unable to bootstrap this PR locally. It fails when compiling native dependencies. Have you managed to run it on your machine?

@azasypkin
Copy link
Member

@legrego I'm unable to bootstrap this PR locally. It fails when compiling native dependencies. Have you managed to run it on your machine?

I haven't tried last week, but I've just merged the latest main locally and bootstrap passed. Let me merge upstream here and see if it helps @janmonschke.

@azasypkin
Copy link
Member

@elasticmachine merge upstream

@azasypkin
Copy link
Member

/ci

janmonschke
janmonschke approved these changes Aug 25, 2025
View reviewed changes
Copy link
Contributor

@janmonschke janmonschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kibana-cases changes lgtm

ymao1
ymao1 approved these changes Aug 27, 2025
View reviewed changes
Copy link
Contributor

@ymao1 ymao1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

response ops changes LGTM

@legrego legrego enabled auto-merge (squash) August 27, 2025 12:47
@legrego legrego merged commit 249b6fe into main Aug 27, 2025
13 checks passed
@legrego legrego deleted the renovate/main-platform-security-modules branch August 27, 2025 13:48
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.18, 8.19, 9.1

https://github.com/elastic/kibana/actions/runs/17268663923

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Aug 27, 2025
@elastic-renovate-prod @kibanamachine
@legrego @elasticmachine
Update platform security modules (main) (elastic#232111)
6c69198 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))
| devDependencies | patch | [`^4.17.16` ->
`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)
|
|
[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))
| devDependencies | patch | [`^1.3.11` ->
`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)
|
|
[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)
| devDependencies | major | [`^16.10.0` ->
`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)
|
| [js-sha256](https://redirect.github.com/emn178/js-sha256) |
dependencies | patch | [`^0.11.0` ->
`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1) |
| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto) |
devDependencies | minor | [`^6.0.1` ->
`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2) |

---

### Release Notes

<details>
<summary>sverweij/dependency-cruiser (dependency-cruiser)</summary>

###
[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)

#### 🐛 fixes

-
[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)
fix(types): enable IDE autocompletion for OutputType candidates
([#&elastic#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))
(thanks [@&elastic#8203;sushichan044](https://redirect.github.com/sushichan044)
for the pull request!)
-
[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)
chore(types): removes now unused lint warning + associated comment

#### 📖 documentation

-
[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)
doc(cli): adds more references to the options, corrects typos

#### 👷 maintenance

-
[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)
refactor(report): replaces teamcity-service-messages with local
functions
([#&elastic#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))
-
[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)
chore(npm): updates external devDependencies

###
[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)

#### 🚨 breaking

-
[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)
chore!: drops support for node 18, 21 and 23 BREAKING
([#&elastic#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))

... so still supported are node ^20(.12), ^22 and >=24 and this will
remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year
and 7 months. However, dropping node versions is inevitable as
dependencies we use did this as well, and we want to keep up to date for
obvious reasons. We also believe that most of dependency-cruiser's users
have migrated away from node 18 (21, 23) a long time ago, given the
release dates of their successors (april 2023, 2024 and 2025
respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

#### 🧑‍🏭 maintenance

-
[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)
refactor!: replaces picocolors with native node:util/styleText
([#&elastic#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))

#### ♻️  life cycle management

-
[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/
[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)
build(npm): updates external dependencies

###
[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)

#### 🐛  fixes

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
fix(enrich): enables ignoring reachability (, instability) validations
as well
([#&elastic#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))
thanks [@&elastic#8203;hugotiger](https://redirect.github.com/hugotiger) for
raising the issue, reproduction repo and testing the beta('s) with the
fix!

#### 👷  maintenance

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
(same commit as the fix) - updates 3rd party dependencies a.o.
acorn-loose and acorn thanks
[@&elastic#8203;brocef](https://redirect.github.com/brocef) for alerting
there's an issue in acorn-loose that's fixed after bumping to latest.
-
[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)
fix(ci): fixes code scanning alerts on github actions
([#&elastic#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))

#### 🧹  chores

-
[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)
chore: lets prettier target .mjs as well
-
[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)
chore(npm): recreates package-lock

###
[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)

#### 📖 documentation

-
[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)
doc(real-world-samples): updates commander.js example picture (thanks
[@&elastic#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)
for noticing the previous graph displayed commander's internals as they
were 10 years ago)

#### 👷 maintenance

-
[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/
[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/
[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)
build(npm): updates external dependencies
-
[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)
chore: adds instructions for copilot
-
[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-fmt
([#&elastic#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))
-
[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-baseline
([#&elastic#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))

###
[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)

#### 🐛 fixes

-
[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)
fix: adds support for node v24
([#&elastic#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))
- thanks to [@&elastic#8203;7rulnik](https://redirect.github.com/7rulnik) for
the PR so quick after the official node 24 release!

#### 👷 maintenance and chores

-
[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)
build(npm): updates external dependencies
-
[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)
chore(ci): configures CodeQL for GitHub actions
([#&elastic#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))
-
[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)
chore: adds 7rulnik to contributors in package manifest

###
[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)

#### 🐛 fixes

-
[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)
fix(enrich/derive): makes reachable calculation faster
([#&elastic#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))
- thanks to [@&elastic#8203;neelance](https://redirect.github.com/neelance) for
the improvement suggestion as well as the patch the PR was built on!

#### 👷 maintenance

-
[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)
build(npm): updates external dependencies

</details>

<details>
<summary>node-saml/xml-crypto (xml-crypto)</summary>

###
[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)

- Remove all reference XML data if any are corrupted
([#&elastic#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))
([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))

###
[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)

- Adjust deprecation to better reflect real-world usage
([#&elastic#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))
([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))

###
[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)

- Introduce new .getSignedReferences() function of signature to help
prevent signature wrapping attacks
([#&elastic#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))
([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://elastic.slack.com/archives/C07AMD4CNUR) if that's
undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 249b6fe)
@kibanamachine kibanamachine mentioned this pull request Aug 27, 2025
Merged
@kibanamachine
Copy link
Contributor

💔 Some backports could not be created

Status Branch Result
8.18 Backport failed because of merge conflicts
8.19 Backport failed because of merge conflicts

You might need to backport the following PRs to 8.19:
- [ska] delete x-pack/test_serverless directory (#232186)
- Update OpenFeature (main) (#232332)
- [ska] relocate chat serverless api & functional tests (#230527)
9.1

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 232111

Questions ?

Please refer to the Backport tool documentation

@legrego legrego mentioned this pull request Aug 27, 2025
Merged
legrego pushed a commit to legrego/kibana that referenced this pull request Aug 27, 2025
@elastic-renovate-prod
Update platform security modules (main) (elastic#232111)
5cd41ab 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))
| devDependencies | patch | [`^4.17.16` ->
`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)
|
|
[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))
| devDependencies | patch | [`^1.3.11` ->
`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)
|
|
[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)
| devDependencies | major | [`^16.10.0` ->
`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)
|
| [js-sha256](https://redirect.github.com/emn178/js-sha256) |
dependencies | patch | [`^0.11.0` ->
`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1) |
| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto) |
devDependencies | minor | [`^6.0.1` ->
`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2) |

---

### Release Notes

<details>
<summary>sverweij/dependency-cruiser (dependency-cruiser)</summary>

###
[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)

#### 🐛 fixes

-
[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)
fix(types): enable IDE autocompletion for OutputType candidates
([#&elastic#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))
(thanks [@&elastic#8203;sushichan044](https://redirect.github.com/sushichan044)
for the pull request!)
-
[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)
chore(types): removes now unused lint warning + associated comment

#### 📖 documentation

-
[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)
doc(cli): adds more references to the options, corrects typos

#### 👷 maintenance

-
[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)
refactor(report): replaces teamcity-service-messages with local
functions
([#&elastic#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))
-
[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)
chore(npm): updates external devDependencies

###
[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)

#### 🚨 breaking

-
[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)
chore!: drops support for node 18, 21 and 23 BREAKING
([#&elastic#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))

... so still supported are node ^20(.12), ^22 and >=24 and this will
remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year
and 7 months. However, dropping node versions is inevitable as
dependencies we use did this as well, and we want to keep up to date for
obvious reasons. We also believe that most of dependency-cruiser's users
have migrated away from node 18 (21, 23) a long time ago, given the
release dates of their successors (april 2023, 2024 and 2025
respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

#### 🧑‍🏭 maintenance

-
[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)
refactor!: replaces picocolors with native node:util/styleText
([#&elastic#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))

#### ♻️  life cycle management

-
[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/
[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)
build(npm): updates external dependencies

###
[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)

#### 🐛  fixes

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
fix(enrich): enables ignoring reachability (, instability) validations
as well
([#&elastic#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))
thanks [@&elastic#8203;hugotiger](https://redirect.github.com/hugotiger) for
raising the issue, reproduction repo and testing the beta('s) with the
fix!

#### 👷  maintenance

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
(same commit as the fix) - updates 3rd party dependencies a.o.
acorn-loose and acorn thanks
[@&elastic#8203;brocef](https://redirect.github.com/brocef) for alerting
there's an issue in acorn-loose that's fixed after bumping to latest.
-
[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)
fix(ci): fixes code scanning alerts on github actions
([#&elastic#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))

#### 🧹  chores

-
[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)
chore: lets prettier target .mjs as well
-
[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)
chore(npm): recreates package-lock

###
[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)

#### 📖 documentation

-
[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)
doc(real-world-samples): updates commander.js example picture (thanks
[@&elastic#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)
for noticing the previous graph displayed commander's internals as they
were 10 years ago)

#### 👷 maintenance

-
[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/
[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/
[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)
build(npm): updates external dependencies
-
[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)
chore: adds instructions for copilot
-
[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-fmt
([#&elastic#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))
-
[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-baseline
([#&elastic#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))

###
[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)

#### 🐛 fixes

-
[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)
fix: adds support for node v24
([#&elastic#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))
- thanks to [@&elastic#8203;7rulnik](https://redirect.github.com/7rulnik) for
the PR so quick after the official node 24 release!

#### 👷 maintenance and chores

-
[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)
build(npm): updates external dependencies
-
[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)
chore(ci): configures CodeQL for GitHub actions
([#&elastic#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))
-
[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)
chore: adds 7rulnik to contributors in package manifest

###
[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)

#### 🐛 fixes

-
[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)
fix(enrich/derive): makes reachable calculation faster
([#&elastic#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))
- thanks to [@&elastic#8203;neelance](https://redirect.github.com/neelance) for
the improvement suggestion as well as the patch the PR was built on!

#### 👷 maintenance

-
[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)
build(npm): updates external dependencies

</details>

<details>
<summary>node-saml/xml-crypto (xml-crypto)</summary>

###
[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)

- Remove all reference XML data if any are corrupted
([#&elastic#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))
([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))

###
[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)

- Adjust deprecation to better reflect real-world usage
([#&elastic#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))
([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))

###
[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)

- Introduce new .getSignedReferences() function of signature to help
prevent signature wrapping attacks
([#&elastic#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))
([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://elastic.slack.com/archives/C07AMD4CNUR) if that's
undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 249b6fe)

# Conflicts:
#	package.json
#	yarn.lock
legrego pushed a commit to legrego/kibana that referenced this pull request Aug 27, 2025
@elastic-renovate-prod
Update platform security modules (main) (elastic#232111)
bc4a117 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))
| devDependencies | patch | [`^4.17.16` ->
`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)
|
|
[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))
| devDependencies | patch | [`^1.3.11` ->
`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)
|
|
[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)
| devDependencies | major | [`^16.10.0` ->
`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)
|
| [js-sha256](https://redirect.github.com/emn178/js-sha256) |
dependencies | patch | [`^0.11.0` ->
`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1) |
| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto) |
devDependencies | minor | [`^6.0.1` ->
`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2) |

---

### Release Notes

<details>
<summary>sverweij/dependency-cruiser (dependency-cruiser)</summary>

###
[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)

#### 🐛 fixes

-
[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)
fix(types): enable IDE autocompletion for OutputType candidates
([#&elastic#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))
(thanks [@&elastic#8203;sushichan044](https://redirect.github.com/sushichan044)
for the pull request!)
-
[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)
chore(types): removes now unused lint warning + associated comment

#### 📖 documentation

-
[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)
doc(cli): adds more references to the options, corrects typos

#### 👷 maintenance

-
[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)
refactor(report): replaces teamcity-service-messages with local
functions
([#&elastic#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))
-
[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)
chore(npm): updates external devDependencies

###
[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)

#### 🚨 breaking

-
[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)
chore!: drops support for node 18, 21 and 23 BREAKING
([#&elastic#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))

... so still supported are node ^20(.12), ^22 and >=24 and this will
remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year
and 7 months. However, dropping node versions is inevitable as
dependencies we use did this as well, and we want to keep up to date for
obvious reasons. We also believe that most of dependency-cruiser's users
have migrated away from node 18 (21, 23) a long time ago, given the
release dates of their successors (april 2023, 2024 and 2025
respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

#### 🧑‍🏭 maintenance

-
[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)
refactor!: replaces picocolors with native node:util/styleText
([#&elastic#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))

#### ♻️  life cycle management

-
[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/
[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)
build(npm): updates external dependencies

###
[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)

#### 🐛  fixes

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
fix(enrich): enables ignoring reachability (, instability) validations
as well
([#&elastic#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))
thanks [@&elastic#8203;hugotiger](https://redirect.github.com/hugotiger) for
raising the issue, reproduction repo and testing the beta('s) with the
fix!

#### 👷  maintenance

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
(same commit as the fix) - updates 3rd party dependencies a.o.
acorn-loose and acorn thanks
[@&elastic#8203;brocef](https://redirect.github.com/brocef) for alerting
there's an issue in acorn-loose that's fixed after bumping to latest.
-
[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)
fix(ci): fixes code scanning alerts on github actions
([#&elastic#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))

#### 🧹  chores

-
[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)
chore: lets prettier target .mjs as well
-
[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)
chore(npm): recreates package-lock

###
[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)

#### 📖 documentation

-
[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)
doc(real-world-samples): updates commander.js example picture (thanks
[@&elastic#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)
for noticing the previous graph displayed commander's internals as they
were 10 years ago)

#### 👷 maintenance

-
[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/
[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/
[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)
build(npm): updates external dependencies
-
[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)
chore: adds instructions for copilot
-
[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-fmt
([#&elastic#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))
-
[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-baseline
([#&elastic#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))

###
[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)

#### 🐛 fixes

-
[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)
fix: adds support for node v24
([#&elastic#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))
- thanks to [@&elastic#8203;7rulnik](https://redirect.github.com/7rulnik) for
the PR so quick after the official node 24 release!

#### 👷 maintenance and chores

-
[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)
build(npm): updates external dependencies
-
[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)
chore(ci): configures CodeQL for GitHub actions
([#&elastic#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))
-
[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)
chore: adds 7rulnik to contributors in package manifest

###
[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)

#### 🐛 fixes

-
[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)
fix(enrich/derive): makes reachable calculation faster
([#&elastic#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))
- thanks to [@&elastic#8203;neelance](https://redirect.github.com/neelance) for
the improvement suggestion as well as the patch the PR was built on!

#### 👷 maintenance

-
[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)
build(npm): updates external dependencies

</details>

<details>
<summary>node-saml/xml-crypto (xml-crypto)</summary>

###
[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)

- Remove all reference XML data if any are corrupted
([#&elastic#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))
([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))

###
[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)

- Adjust deprecation to better reflect real-world usage
([#&elastic#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))
([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))

###
[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)

- Introduce new .getSignedReferences() function of signature to help
prevent signature wrapping attacks
([#&elastic#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))
([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://elastic.slack.com/archives/C07AMD4CNUR) if that's
undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 249b6fe)

# Conflicts:
#	package.json
#	yarn.lock
@legrego legrego mentioned this pull request Aug 27, 2025
Merged
@legrego
Copy link
Member

legrego commented Aug 27, 2025

💚 All backports created successfully

Status Branch Result
8.19
8.18

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

legrego added a commit that referenced this pull request Aug 28, 2025
@legrego @elastic-renovate-prod @kibanamachine
[8.19] Update platform security modules (main) (#232111) (#233164)
d75c6e8 
# Backport

This will backport the following commits from `main` to `8.19`:
- [Update platform security modules (main)
(#232111)](#232111)

<!--- Backport version: 10.0.1 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT
[{"author":{"name":"elastic-renovate-prod[bot]","email":"174716857+elastic-renovate-prod[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-08-27T13:48:11Z","message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:prev-minor","backport:prev-major","v9.2.0"],"title":"Update
platform security modules
(main)","number":232111,"url":"https://github.com/elastic/kibana/pull/232111","mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232111","number":232111,"mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}},{"url":"https://github.com/elastic/kibana/pull/233116","number":233116,"branch":"9.1","state":"OPEN"}]}]
BACKPORT-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
legrego added a commit that referenced this pull request Aug 28, 2025
@legrego @elastic-renovate-prod @kibanamachine
[8.18] Update platform security modules (main) (#232111) (#233165)
6b87a8d 
# Backport

This will backport the following commits from `main` to `8.18`:
- [Update platform security modules (main)
(#232111)](#232111)

<!--- Backport version: 10.0.1 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT
[{"author":{"name":"elastic-renovate-prod[bot]","email":"174716857+elastic-renovate-prod[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-08-27T13:48:11Z","message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:prev-minor","backport:prev-major","v9.2.0"],"title":"Update
platform security modules
(main)","number":232111,"url":"https://github.com/elastic/kibana/pull/232111","mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232111","number":232111,"mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}},{"url":"https://github.com/elastic/kibana/pull/233116","number":233116,"branch":"9.1","state":"OPEN"}]}]
BACKPORT-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine kibanamachine added v8.18.6 backport missing Added to PRs automatically when the are determined to be missing a backport. labels Aug 28, 2025
@kibanamachine
Copy link
Contributor

Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync.

kibanamachine added a commit that referenced this pull request Aug 29, 2025
@kibanamachine @elastic-renovate-prod
@legrego @elasticmachine
[9.1] Update platform security modules (main) (#232111) (#233116)
bfed72d 
# Backport

This will backport the following commits from `main` to `9.1`:
- [Update platform security modules (main)
(#232111)](#232111)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT
[{"author":{"name":"elastic-renovate-prod[bot]","email":"174716857+elastic-renovate-prod[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-08-27T13:48:11Z","message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:prev-minor","backport:prev-major","v9.2.0"],"title":"Update
platform security modules
(main)","number":232111,"url":"https://github.com/elastic/kibana/pull/232111","mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232111","number":232111,"mergeCommit":{"message":"Update
platform security modules (main) (#232111)\n\nThis PR contains the
following updates:\n\n| Package | Type | Update | Change
|\n|---|---|---|---|\n|\n[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))\n|
devDependencies | patch | [`^4.17.16`
->\n`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)\n|\n|\n[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)\n([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))\n|
devDependencies | patch | [`^1.3.11`
->\n`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)\n|\n|\n[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)\n|
devDependencies | major | [`^16.10.0`
->\n`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)\n|\n|
[js-sha256](https://redirect.github.com/emn178/js-sha256)
|\ndependencies | patch | [`^0.11.0`
->\n`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1)
|\n| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto)
|\ndevDependencies | minor | [`^6.0.1`
->\n`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2)
|\n\n---\n\n### Release
Notes\n\n<details>\n<summary>sverweij/dependency-cruiser
(dependency-cruiser)</summary>\n\n###\n[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)\n\n####
🐛
fixes\n\n-\n[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)\nfix(types):
enable IDE autocompletion for OutputType
candidates\n([#&#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))\n(thanks
[@&#8203;sushichan044](https://redirect.github.com/sushichan044)\nfor
the pull
request!)\n-\n[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)\nchore(types):
removes now unused lint warning + associated comment\n\n#### 📖
documentation\n\n-\n[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)\ndoc(cli):
adds more references to the options, corrects typos\n\n#### 👷
maintenance\n\n-\n[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)\nrefactor(report):
replaces teamcity-service-messages with
local\nfunctions\n([#&#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))\n-\n[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)\nchore(npm):
updates external
devDependencies\n\n###\n[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)\n\n####
🚨
breaking\n\n-\n[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)\nchore!:
drops support for node 18, 21 and 23
BREAKING\n([#&#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))\n\n...
so still supported are node ^20(.12), ^22 and >=24 and this will\nremain
so at least as long as node.js supports hem.\n\nWe try to prevent
breaking changes - and have been able to for ~a year\nand 7 months.
However, dropping node versions is inevitable as\ndependencies we use
did this as well, and we want to keep up to date for\nobvious reasons.
We also believe that most of dependency-cruiser's users\nhave migrated
away from node 18 (21, 23) a long time ago, given the\nrelease dates of
their successors (april 2023, 2024 and 2025\nrespectively) - so the
impact should be minimal.\n\nReference:
https://nodejs.org/en/about/previous-releases\n\n#### 🧑‍🏭
maintenance\n\n-\n[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)\nrefactor!:
replaces picocolors with native
node:util/styleText\n([#&#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))\n\n####
♻️ life cycle
management\n\n-\n[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/\n[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)\nbuild(npm):
updates external
dependencies\n\n###\n[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)\n\n####
🐛
fixes\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\nfix(enrich):
enables ignoring reachability (, instability) validations\nas
well\n([#&#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))\nthanks
[@&#8203;hugotiger](https://redirect.github.com/hugotiger) for\nraising
the issue, reproduction repo and testing the beta('s) with
the\nfix!\n\n#### 👷
maintenance\n\n-\n[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)\n(same
commit as the fix) - updates 3rd party dependencies a.o.\nacorn-loose
and acorn thanks\n[@&#8203;brocef](https://redirect.github.com/brocef)
for alerting\nthere's an issue in acorn-loose that's fixed after bumping
to
latest.\n-\n[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)\nfix(ci):
fixes code scanning alerts on github
actions\n([#&#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))\n\n####
🧹
chores\n\n-\n[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)\nchore:
lets prettier target .mjs as
well\n-\n[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)\nchore(npm):
recreates
package-lock\n\n###\n[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)\n\n####
📖
documentation\n\n-\n[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)\ndoc(real-world-samples):
updates commander.js example picture
(thanks\n[@&#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)\nfor
noticing the previous graph displayed commander's internals as
they\nwere 10 years ago)\n\n#### 👷
maintenance\n\n-\n[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/\n[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/\n[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)\nbuild(npm):
updates external
dependencies\n-\n[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)\nchore:
adds instructions for
copilot\n-\n[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-fmt\n([#&#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))\n-\n[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)\nrefactor(cli):
replaces commander with node:util/parseArgs
-\ndepcruise-baseline\n([#&#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))\n\n###\n[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)\n\n####
🐛
fixes\n\n-\n[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)\nfix:
adds support for node
v24\n([#&#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))\n-
thanks to [@&#8203;7rulnik](https://redirect.github.com/7rulnik)
for\nthe PR so quick after the official node 24 release!\n\n#### 👷
maintenance and
chores\n\n-\n[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)\nbuild(npm):
updates external
dependencies\n-\n[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)\nchore(ci):
configures CodeQL for GitHub
actions\n([#&#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))\n-\n[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)\nchore:
adds 7rulnik to contributors in package
manifest\n\n###\n[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)\n\n[Compare\nSource](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)\n\n####
🐛
fixes\n\n-\n[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)\nfix(enrich/derive):
makes reachable calculation
faster\n([#&#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))\n-
thanks to [@&#8203;neelance](https://redirect.github.com/neelance)
for\nthe improvement suggestion as well as the patch the PR was built
on!\n\n#### 👷
maintenance\n\n-\n[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)\nbuild(npm):
updates external
dependencies\n\n</details>\n\n<details>\n<summary>node-saml/xml-crypto
(xml-crypto)</summary>\n\n###\n[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)\n\n-
Remove all reference XML data if any are
corrupted\n([#&#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))\n([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))\n\n###\n[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)\n\n-
Adjust deprecation to better reflect real-world
usage\n([#&#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))\n([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))\n\n###\n[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)\n\n[Compare\nSource](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)\n\n-
Introduce new .getSignedReferences() function of signature to
help\nprevent signature wrapping
attacks\n([#&#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))\n([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))\n\n</details>\n\n---\n\n###
Configuration\n\n📅 **Schedule**: Branch creation - At any time (no
schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted,
or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will
be recreated if closed unmerged. Get\n[config
help](https://elastic.slack.com/archives/C07AMD4CNUR) if
that's\nundesired.\n\n---\n\n- [ ] If you want to rebase/retry this PR,
check\nthis box\n\n---\n\nThis PR has been generated by
[Renovate\nBot](https://redirect.github.com/renovatebot/renovate).\n\n\n\n---------\n\nCo-authored-by:
elastic-renovate-prod[bot]
<174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Larry
Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"249b6fe7a786af3eecafa0b42589a59096c8ebe8"}}]}]
BACKPORT-->

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@kibanamachine kibanamachine added v9.1.3 and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Aug 29, 2025
kowalczyk-krzysztof pushed a commit to kowalczyk-krzysztof/kibana that referenced this pull request Aug 30, 2025
@elastic-renovate-prod @kibanamachine
@legrego @elasticmachine @kowalczyk-krzysztof
Update platform security modules (main) (elastic#232111)
6829cef 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))
| devDependencies | patch | [`^4.17.16` ->
`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)
|
|
[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))
| devDependencies | patch | [`^1.3.11` ->
`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)
|
|
[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)
| devDependencies | major | [`^16.10.0` ->
`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)
|
| [js-sha256](https://redirect.github.com/emn178/js-sha256) |
dependencies | patch | [`^0.11.0` ->
`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1) |
| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto) |
devDependencies | minor | [`^6.0.1` ->
`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2) |

---

### Release Notes

<details>
<summary>sverweij/dependency-cruiser (dependency-cruiser)</summary>

###
[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)

#### 🐛 fixes

-
[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)
fix(types): enable IDE autocompletion for OutputType candidates
([#&elastic#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))
(thanks [@&elastic#8203;sushichan044](https://redirect.github.com/sushichan044)
for the pull request!)
-
[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)
chore(types): removes now unused lint warning + associated comment

#### 📖 documentation

-
[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)
doc(cli): adds more references to the options, corrects typos

#### 👷 maintenance

-
[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)
refactor(report): replaces teamcity-service-messages with local
functions
([#&elastic#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))
-
[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)
chore(npm): updates external devDependencies

###
[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)

#### 🚨 breaking

-
[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)
chore!: drops support for node 18, 21 and 23 BREAKING
([#&elastic#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))

... so still supported are node ^20(.12), ^22 and >=24 and this will
remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year
and 7 months. However, dropping node versions is inevitable as
dependencies we use did this as well, and we want to keep up to date for
obvious reasons. We also believe that most of dependency-cruiser's users
have migrated away from node 18 (21, 23) a long time ago, given the
release dates of their successors (april 2023, 2024 and 2025
respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

#### 🧑‍🏭 maintenance

-
[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)
refactor!: replaces picocolors with native node:util/styleText
([#&elastic#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))

#### ♻️  life cycle management

-
[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/
[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)
build(npm): updates external dependencies

###
[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)

#### 🐛  fixes

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
fix(enrich): enables ignoring reachability (, instability) validations
as well
([#&elastic#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))
thanks [@&elastic#8203;hugotiger](https://redirect.github.com/hugotiger) for
raising the issue, reproduction repo and testing the beta('s) with the
fix!

#### 👷  maintenance

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
(same commit as the fix) - updates 3rd party dependencies a.o.
acorn-loose and acorn thanks
[@&elastic#8203;brocef](https://redirect.github.com/brocef) for alerting
there's an issue in acorn-loose that's fixed after bumping to latest.
-
[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)
fix(ci): fixes code scanning alerts on github actions
([#&elastic#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))

#### 🧹  chores

-
[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)
chore: lets prettier target .mjs as well
-
[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)
chore(npm): recreates package-lock

###
[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)

#### 📖 documentation

-
[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)
doc(real-world-samples): updates commander.js example picture (thanks
[@&elastic#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)
for noticing the previous graph displayed commander's internals as they
were 10 years ago)

#### 👷 maintenance

-
[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/
[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/
[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)
build(npm): updates external dependencies
-
[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)
chore: adds instructions for copilot
-
[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-fmt
([#&elastic#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))
-
[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-baseline
([#&elastic#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))

###
[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)

#### 🐛 fixes

-
[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)
fix: adds support for node v24
([#&elastic#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))
- thanks to [@&elastic#8203;7rulnik](https://redirect.github.com/7rulnik) for
the PR so quick after the official node 24 release!

#### 👷 maintenance and chores

-
[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)
build(npm): updates external dependencies
-
[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)
chore(ci): configures CodeQL for GitHub actions
([#&elastic#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))
-
[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)
chore: adds 7rulnik to contributors in package manifest

###
[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)

#### 🐛 fixes

-
[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)
fix(enrich/derive): makes reachable calculation faster
([#&elastic#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))
- thanks to [@&elastic#8203;neelance](https://redirect.github.com/neelance) for
the improvement suggestion as well as the patch the PR was built on!

#### 👷 maintenance

-
[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)
build(npm): updates external dependencies

</details>

<details>
<summary>node-saml/xml-crypto (xml-crypto)</summary>

###
[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)

- Remove all reference XML data if any are corrupted
([#&elastic#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))
([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))

###
[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)

- Adjust deprecation to better reflect real-world usage
([#&elastic#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))
([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))

###
[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)

- Introduce new .getSignedReferences() function of signature to help
prevent signature wrapping attacks
([#&elastic#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))
([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://elastic.slack.com/archives/C07AMD4CNUR) if that's
undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
qn895 pushed a commit to qn895/kibana that referenced this pull request Sep 2, 2025
@elastic-renovate-prod @kibanamachine
@legrego @elasticmachine @qn895
Update platform security modules (main) (elastic#232111)
88f7057 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash))
| devDependencies | patch | [`^4.17.16` ->
`^4.17.20`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.16/4.17.20)
|
|
[@types/node-forge](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge))
| devDependencies | patch | [`^1.3.11` ->
`^1.3.13`](https://renovatebot.com/diffs/npm/@types%2fnode-forge/1.3.11/1.3.13)
|
|
[dependency-cruiser](https://redirect.github.com/sverweij/dependency-cruiser)
| devDependencies | major | [`^16.10.0` ->
`^17.0.1`](https://renovatebot.com/diffs/npm/dependency-cruiser/16.10.0/17.0.1)
|
| [js-sha256](https://redirect.github.com/emn178/js-sha256) |
dependencies | patch | [`^0.11.0` ->
`^0.11.1`](https://renovatebot.com/diffs/npm/js-sha256/0.11.1/0.11.1) |
| [xml-crypto](https://redirect.github.com/node-saml/xml-crypto) |
devDependencies | minor | [`^6.0.1` ->
`^6.1.2`](https://renovatebot.com/diffs/npm/xml-crypto/6.0.1/6.1.2) |

---

### Release Notes

<details>
<summary>sverweij/dependency-cruiser (dependency-cruiser)</summary>

###
[`v17.0.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v17.0.0...v17.0.1)

#### 🐛 fixes

-
[`2f31ab0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/2f31ab0e)
fix(types): enable IDE autocompletion for OutputType candidates
([#&elastic#8203;1005](https://redirect.github.com/sverweij/dependency-cruiser/issues/1005))
(thanks [@&elastic#8203;sushichan044](https://redirect.github.com/sushichan044)
for the pull request!)
-
[`4dbfa19`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4dbfa19a)
chore(types): removes now unused lint warning + associated comment

#### 📖 documentation

-
[`7f3e5fc`](https://redirect.github.com/sverweij/dependency-cruiser/commit/7f3e5fcb)
doc(cli): adds more references to the options, corrects typos

#### 👷 maintenance

-
[`d339300`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3393004)
refactor(report): replaces teamcity-service-messages with local
functions
([#&elastic#8203;1008](https://redirect.github.com/sverweij/dependency-cruiser/issues/1008))
-
[`990d139`](https://redirect.github.com/sverweij/dependency-cruiser/commit/990d1397)
chore(npm): updates external devDependencies

###
[`v17.0.0`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v17.0.0)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.4...v17.0.0)

#### 🚨 breaking

-
[`a20a11c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a20a11ca)
chore!: drops support for node 18, 21 and 23 BREAKING
([#&elastic#8203;1004](https://redirect.github.com/sverweij/dependency-cruiser/issues/1004))

... so still supported are node ^20(.12), ^22 and >=24 and this will
remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year
and 7 months. However, dropping node versions is inevitable as
dependencies we use did this as well, and we want to keep up to date for
obvious reasons. We also believe that most of dependency-cruiser's users
have migrated away from node 18 (21, 23) a long time ago, given the
release dates of their successors (april 2023, 2024 and 2025
respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

#### 🧑‍🏭 maintenance

-
[`684e123`](https://redirect.github.com/sverweij/dependency-cruiser/commit/684e1230)
refactor!: replaces picocolors with native node:util/styleText
([#&elastic#8203;1002](https://redirect.github.com/sverweij/dependency-cruiser/issues/1002))

#### ♻️  life cycle management

-
[`a2cfc91`](https://redirect.github.com/sverweij/dependency-cruiser/commit/a2cfc917)/
[`3f258c1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/3f258c13)
build(npm): updates external dependencies

###
[`v16.10.4`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.4)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.3...v16.10.4)

#### 🐛  fixes

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
fix(enrich): enables ignoring reachability (, instability) validations
as well
([#&elastic#8203;999](https://redirect.github.com/sverweij/dependency-cruiser/issues/999))
thanks [@&elastic#8203;hugotiger](https://redirect.github.com/hugotiger) for
raising the issue, reproduction repo and testing the beta('s) with the
fix!

#### 👷  maintenance

-
[`06b548a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/06b548a0)
(same commit as the fix) - updates 3rd party dependencies a.o.
acorn-loose and acorn thanks
[@&elastic#8203;brocef](https://redirect.github.com/brocef) for alerting
there's an issue in acorn-loose that's fixed after bumping to latest.
-
[`66f1e32`](https://redirect.github.com/sverweij/dependency-cruiser/commit/66f1e328)
fix(ci): fixes code scanning alerts on github actions
([#&elastic#8203;1000](https://redirect.github.com/sverweij/dependency-cruiser/issues/1000))

#### 🧹  chores

-
[`581596a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/581596ae)
chore: lets prettier target .mjs as well
-
[`62e8fc6`](https://redirect.github.com/sverweij/dependency-cruiser/commit/62e8fc62)
chore(npm): recreates package-lock

###
[`v16.10.3`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.3)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.2...v16.10.3)

#### 📖 documentation

-
[`48a9e2a`](https://redirect.github.com/sverweij/dependency-cruiser/commit/48a9e2a4)
doc(real-world-samples): updates commander.js example picture (thanks
[@&elastic#8203;cristiano-belloni](https://redirect.github.com/cristiano-belloni)
for noticing the previous graph displayed commander's internals as they
were 10 years ago)

#### 👷 maintenance

-
[`9db465e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/9db465e8)/
[`35e1f9c`](https://redirect.github.com/sverweij/dependency-cruiser/commit/35e1f9c9)/
[`d3e38d1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d3e38d11)
build(npm): updates external dependencies
-
[`13616e4`](https://redirect.github.com/sverweij/dependency-cruiser/commit/13616e4c)
chore: adds instructions for copilot
-
[`6aa6e82`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6aa6e824)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-fmt
([#&elastic#8203;995](https://redirect.github.com/sverweij/dependency-cruiser/issues/995))
-
[`d5bf4bd`](https://redirect.github.com/sverweij/dependency-cruiser/commit/d5bf4bd8)
refactor(cli): replaces commander with node:util/parseArgs -
depcruise-baseline
([#&elastic#8203;994](https://redirect.github.com/sverweij/dependency-cruiser/issues/994))

###
[`v16.10.2`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.2)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.1...v16.10.2)

#### 🐛 fixes

-
[`4fc3732`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4fc3732f)
fix: adds support for node v24
([#&elastic#8203;993](https://redirect.github.com/sverweij/dependency-cruiser/issues/993))
- thanks to [@&elastic#8203;7rulnik](https://redirect.github.com/7rulnik) for
the PR so quick after the official node 24 release!

#### 👷 maintenance and chores

-
[`4bc31b1`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4bc31b12)
build(npm): updates external dependencies
-
[`6ad4f12`](https://redirect.github.com/sverweij/dependency-cruiser/commit/6ad4f125)
chore(ci): configures CodeQL for GitHub actions
([#&elastic#8203;992](https://redirect.github.com/sverweij/dependency-cruiser/issues/992))
-
[`699f19e`](https://redirect.github.com/sverweij/dependency-cruiser/commit/699f19e1)
chore: adds 7rulnik to contributors in package manifest

###
[`v16.10.1`](https://redirect.github.com/sverweij/dependency-cruiser/releases/tag/v16.10.1)

[Compare
Source](https://redirect.github.com/sverweij/dependency-cruiser/compare/v16.10.0...v16.10.1)

#### 🐛 fixes

-
[`42ea09b`](https://redirect.github.com/sverweij/dependency-cruiser/commit/42ea09b2)
fix(enrich/derive): makes reachable calculation faster
([#&elastic#8203;990](https://redirect.github.com/sverweij/dependency-cruiser/issues/990))
- thanks to [@&elastic#8203;neelance](https://redirect.github.com/neelance) for
the improvement suggestion as well as the patch the PR was built on!

#### 👷 maintenance

-
[`4b75ec0`](https://redirect.github.com/sverweij/dependency-cruiser/commit/4b75ec0d)
build(npm): updates external dependencies

</details>

<details>
<summary>node-saml/xml-crypto (xml-crypto)</summary>

###
[`v6.1.2`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.2)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.1...v6.1.2)

- Remove all reference XML data if any are corrupted
([#&elastic#8203;502](https://redirect.github.com/node-saml/xml-crypto/issues/502))
([`cac1c8d`](https://redirect.github.com/node-saml/xml-crypto/commit/cac1c8d))

###
[`v6.1.1`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.1)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.1.0...v6.1.1)

- Adjust deprecation to better reflect real-world usage
([#&elastic#8203;499](https://redirect.github.com/node-saml/xml-crypto/issues/499))
([`ab1c69e`](https://redirect.github.com/node-saml/xml-crypto/commit/ab1c69e))

###
[`v6.1.0`](https://redirect.github.com/node-saml/xml-crypto/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/node-saml/xml-crypto/compare/v6.0.1...v6.1.0)

- Introduce new .getSignedReferences() function of signature to help
prevent signature wrapping attacks
([#&elastic#8203;489](https://redirect.github.com/node-saml/xml-crypto/issues/489))
([`badaf20`](https://redirect.github.com/node-saml/xml-crypto/commit/badaf20))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://elastic.slack.com/archives/C07AMD4CNUR) if that's
undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janmonschke janmonschke janmonschke approved these changes

@ymao1 ymao1 ymao1 approved these changes

@elena-shostak elena-shostak elena-shostak approved these changes

Assignees

No one assigned

Labels

release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v8.18.6 v8.19.3 v9.1.3 v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@elasticmachine @legrego @janmonschke @azasypkin @kibanamachine @ymao1 @elena-shostak