chore(deps): [main] bump form-data to 4.0.6, 2.5.6 or higher #5048

Open
alizard0 wants to merge 1 commit into redhat-developer:main from alizard0:RHDHBUGS-3392

alizard0 commented Jul 3, 2026

Member

It bumps form-data to 2.5.6 or higher in dynamic-plugins to fix CVE-2026-12143
https://redhat.atlassian.net/browse/RHDHBUGS-3392

dynamic-plugins-root@1.11.0 /Users/alizardo/Documents/engineering/github/rhdh/dynamic-plugins
├─┬ backstage-community-plugin-scaffolder-backend-module-kubernetes@2.17.1 -> ./wrappers/backstage-community-plugin-scaffolder-backend-module-kubernetes-dynamic
│ └─┬ @backstage-community/plugin-scaffolder-backend-module-kubernetes@2.17.1
│   └─┬ @kubernetes/client-node@1.4.0
│     ├─┬ @types/node-fetch@2.6.13
│     │ └── form-data@4.0.6 deduped
│     └── form-data@4.0.6
├─┬ backstage-community-plugin-tech-radar-backend@1.16.0 -> ./wrappers/backstage-community-plugin-tech-radar-backend-dynamic
│ └─┬ @backstage-community/plugin-tech-radar-backend@1.16.0
│   └─┬ @backstage/backend-defaults@0.16.0
│     └─┬ @google-cloud/storage@7.19.0
│       └─┬ retry-request@7.0.2
│         └─┬ @types/request@2.48.13
│           └── form-data@2.5.6
├─┬ backstage-plugin-catalog-backend-module-gitlab-org@0.2.22 -> ./wrappers/backstage-plugin-catalog-backend-module-gitlab-org-dynamic
│ └─┬ @backstage/plugin-catalog-backend-module-gitlab@0.8.4
│   └─┬ @backstage/backend-defaults@0.17.3
│     └─┬ infinispan@0.13.0
│       └─┬ urllib@4.9.0
│         └── form-data@4.0.6 deduped
├─┬ red-hat-developer-hub-backstage-plugin-bulk-import-backend@7.3.5 -> ./wrappers/red-hat-developer-hub-backstage-plugin-bulk-import-backend-dynamic
│ └─┬ @red-hat-developer-hub/backstage-plugin-bulk-import-backend@7.3.5
│   └─┬ @red-hat-developer-hub/backstage-plugin-orchestrator-common@3.5.1
│     └─┬ axios@1.16.1
│       └── form-data@4.0.6 deduped
├─┬ red-hat-developer-hub-backstage-plugin-catalog-backend-module-extensions@0.18.0 -> ./wrappers/red-hat-developer-hub-backstage-plugin-catalog-backend-module-extensions-dynamic
│ └─┬ @red-hat-developer-hub/backstage-plugin-catalog-backend-module-extensions@0.18.0
│   └─┬ @backstage/backend-dynamic-feature-service@0.8.3
│     └─┬ @backstage/backend-defaults@0.17.3
│       └─┬ infinispan@0.13.0
│         └─┬ urllib@4.9.0
│           └── form-data@4.0.6 deduped
└─┬ red-hat-developer-hub-backstage-plugin-extensions-backend@0.18.0 -> ./wrappers/red-hat-developer-hub-backstage-plugin-extensions-backend-dynamic
  └─┬ @red-hat-developer-hub/backstage-plugin-extensions-backend@0.18.0
    └─┬ @backstage/backend-defaults@0.17.3
      └─┬ infinispan@0.13.0
        └─┬ urllib@4.9.0
          └── form-data@4.0.6 deduped
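
A check a reviewer could run against a tree like the one in the PR description, as an added example that is not part of the PR or the project's code: it parses `npm ls form-data` text and flags any resolved copy below the floors named in the PR title. `FLOORS`, `auditFormData`, `needsAttention` and the sample tree (including its 4.0.5 entry) are constructed for illustration; major lines the title does not name are marked for manual review rather than guessed.

```javascript
// Added example. Floors come from the PR title ("4.0.6, 2.5.6 or higher"),
// keyed by major version; other major lines are not covered by the title.
const FLOORS = { 2: [2, 5, 6], 4: [4, 0, 6] };

// Constructed sample in the shape of `npm ls form-data` output. Package names
// are placeholders and the 4.0.5 entry is invented to exercise the failing path.
const SAMPLE = [
  'root@1.0.0 /path/to/dynamic-plugins',
  '├─┬ wrapper-a@1.0.0 -> ./wrappers/wrapper-a-dynamic',
  '│ └─┬ axios@1.16.1',
  '│   └── form-data@4.0.6 deduped',
  '├─┬ wrapper-b@1.0.0 -> ./wrappers/wrapper-b-dynamic',
  '│ └── form-data@2.5.6',
  '└─┬ wrapper-c@1.0.0 -> ./wrappers/wrapper-c-dynamic',
  '  └── form-data@4.0.5',
].join('\n');

// Numeric comparison of [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// One finding per form-data line, attributed to the top-level wrapper above it.
// "deduped" lines are kept: they show which wrappers rely on the shared copy.
function auditFormData(tree) {
  const findings = [];
  let wrapper = null;
  for (const line of tree.split('\n')) {
    const top = line.match(/^[├└]─[─┬] (\S+)/);
    if (top) wrapper = top[1];
    const m = line.match(/[├└]─[─┬] form-data@(\d+)\.(\d+)\.(\d+)(\S*)/);
    if (!m) continue;
    const version = m.slice(1, 4).map(Number);
    const floor = FLOORS[version[0]];
    let status = 'review'; // unknown major line or pre-release suffix
    if (floor && m[4] === '') {
      status = compareVersions(version, floor) >= 0 ? 'ok' : 'below-floor';
    }
    findings.push({ wrapper, version: version.join('.') + m[4], status });
  }
  return findings;
}

// Gate for CI: anything not explicitly "ok" needs attention.
function needsAttention(tree) {
  return auditFormData(tree).filter((f) => f.status !== 'ok');
}
```

Because each wrapper under `dynamic-plugins` resolves its own dependency tree, the check reports per wrapper, so a single stale copy is traceable to the plugin that pulls it in.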

openshift-ci Bot requested review from sanketpathak and teknaS47 July 3, 2026 15:35
sonarqubecloud Bot commented Jul 3, 2026

codecov Bot commented Jul 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.77%. Comparing base (2cfd547) to head (2ebc2bf).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5048      +/-   ##
==========================================
- Coverage   55.39%   54.77%   -0.62%     
==========================================
  Files         122      110      -12     
  Lines        2365     2147     -218     
  Branches      563      518      -45     
==========================================
- Hits         1310     1176     -134     
+ Misses       1048      970      -78     
+ Partials        7        1       -6     
Flag Coverage Δ
rhdh 54.77% <ø> (-0.62%) ⬇️

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2cfd547...2ebc2bf.

Omar-AlJaljuli left a comment

Contributor

/lgtm

github-actions Bot commented Jul 3, 2026

Contributor

Image was built and published successfully. It is available at:

alizard0 commented Jul 3, 2026

Member Author

/retest-required

openshift-ci Bot commented Jul 3, 2026

@alizard0: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/images | 2ebc2bf | link | true | /test images |
| ci/prow/e2e-ocp-helm | 2ebc2bf | link | true | /test e2e-ocp-helm |
