Skip to content

chore(deps): [main] bump form-data to 4.0.6, 3.0.5, 2.5.6 or higher#3660

Open
alizard0 wants to merge 2 commits into
mainfrom
fix-CVE-2026-12143
Open

chore(deps): [main] bump form-data to 4.0.6, 3.0.5, 2.5.6 or higher#3660
alizard0 wants to merge 2 commits into
mainfrom
fix-CVE-2026-12143

Conversation

@alizard0

@alizard0 alizard0 commented Jul 1, 2026

Copy link
Copy Markdown
Member

It bumps form-data to 4.0.6, 3.0.5, 2.5.6 or higher to fix CVE-2026-12143

@rhdh-gh-app

rhdh-gh-app Bot commented Jul 1, 2026

Copy link
Copy Markdown

Missing Changesets

The following package(s) are changed by this PR but do not have a changeset:

  • @red-hat-developer-hub/backstage-plugin-lightspeed-backend

See CONTRIBUTING.md for more information about how to add changesets.

Changed Packages

Package Name Package Path Changeset Bump Current Version
@red-hat-developer-hub/backstage-plugin-lightspeed-backend workspaces/lightspeed/plugins/lightspeed-backend none v2.9.1

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.04%. Comparing base (c7f0beb) to head (3adb9bb).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3660      +/-   ##
==========================================
- Coverage   54.12%   54.04%   -0.08%     
==========================================
  Files        2344     2331      -13     
  Lines       89539    89275     -264     
  Branches    25076    25028      -48     
==========================================
- Hits        48460    48252     -208     
- Misses      39524    39567      +43     
+ Partials     1555     1456      -99     
Flag Coverage Δ *Carryforward flag
adoption-insights 83.70% <ø> (ø)
ai-integrations 67.95% <ø> (ø) Carriedforward from bb302d2
app-defaults 69.79% <ø> (ø) Carriedforward from bb302d2
augment 46.39% <ø> (ø) Carriedforward from bb302d2
boost 74.25% <ø> (-0.44%) ⬇️ Carriedforward from bb302d2
bulk-import 72.46% <ø> (ø) Carriedforward from bb302d2
cost-management 14.10% <ø> (ø) Carriedforward from bb302d2
dcm 61.81% <ø> (ø) Carriedforward from bb302d2
extensions 61.53% <ø> (ø) Carriedforward from bb302d2
global-floating-action-button 71.18% <ø> (ø) Carriedforward from bb302d2
global-header 59.71% <ø> (ø)
homepage 49.84% <ø> (ø) Carriedforward from bb302d2
install-dynamic-plugins 56.77% <ø> (ø) Carriedforward from bb302d2
konflux 91.49% <ø> (ø) Carriedforward from bb302d2
lightspeed 68.50% <ø> (ø)
mcp-integrations 85.46% <ø> (ø) Carriedforward from bb302d2
orchestrator 37.71% <ø> (ø)
quickstart 65.63% <ø> (ø)
sandbox 79.56% <ø> (ø) Carriedforward from bb302d2
scorecard 82.67% <ø> (ø) Carriedforward from bb302d2
theme 61.26% <ø> (ø) Carriedforward from bb302d2
translations 7.25% <ø> (ø) Carriedforward from bb302d2
x2a 78.68% <ø> (ø) Carriedforward from bb302d2

*This pull request uses carry forward flags. Click here to find out more.


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c7f0beb...3adb9bb. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2026

Copy link
Copy Markdown

@christoph-jerolimov

Copy link
Copy Markdown
Member

@alizard0 merge conflict in lightspeed.

Global header is flaky, cc @jrichter1 -- It's fine if you want merge it anyway to get your security fixes in or if you rerun the job two three times..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants