Skip to content

chore(deps): [main] bump fast-uri to 3.1.3#5050

Open
alizard0 wants to merge 1 commit into
redhat-developer:mainfrom
alizard0:RHIDP-15163-1
Open

chore(deps): [main] bump fast-uri to 3.1.3#5050
alizard0 wants to merge 1 commit into
redhat-developer:mainfrom
alizard0:RHIDP-15163-1

Conversation

@alizard0

@alizard0 alizard0 commented Jul 3, 2026

Copy link
Copy Markdown
Member

It bumps fast-uri to 3.1.3 to fix CVE-2026-13676
related to https://redhat.atlassian.net/browse/RHIDP-15163

Running yarn install in /Users/alizardo/Documents/engineering/github/rhdh/dynamic-plugins ...
CVE-2026-13676 fast-uri
  patch: 4.0.1, 3.1.3
  affected: >= 4.0.0, < 4.0.1, >= 2.3.1, < 3.1.3
dynamic-plugins-root@1.11.0 /Users/alizardo/Documents/engineering/github/rhdh/dynamic-plugins
└─┬ @backstage/cli-defaults@0.1.3
  └─┬ @backstage/cli-module-build@0.1.4
    └─┬ @backstage/config-loader@1.10.12
      └─┬ ajv@8.18.0
        └── fast-uri@3.1.0
Upgrading dependency with yarn up -R ...
dynamic-plugins-root@1.11.0 /Users/alizardo/Documents/engineering/github/rhdh/dynamic-plugins
└─┬ @backstage/cli-defaults@0.1.3
  └─┬ @backstage/cli-module-build@0.1.4
    └─┬ @backstage/config-loader@1.10.12
      └─┬ ajv@8.18.0
        └── fast-uri@3.1.3
Running yarn install in /Users/alizardo/Documents/engineering/github/rhdh ...
CVE-2026-13676 fast-uri
  patch: 4.0.1, 3.1.3
  affected: >= 4.0.0, < 4.0.1, >= 2.3.1, < 3.1.3
root@1.11.0 /Users/alizardo/Documents/engineering/github/rhdh
└─┬ @internal/plugin-licensed-users-info-backend@0.1.0 -> ./plugins/licensed-users-info-backend
  └─┬ @backstage/catalog-model@1.9.0
    └─┬ ajv@8.20.0
      └── fast-uri@3.1.2
Upgrading dependency with yarn up -R ...
root@1.11.0 /Users/alizardo/Documents/engineering/github/rhdh
└─┬ @internal/plugin-licensed-users-info-backend@0.1.0 -> ./plugins/licensed-users-info-backend
  └─┬ @backstage/catalog-model@1.9.0
    └─┬ ajv@8.20.0
      └── fast-uri@3.1.3

@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown

@alizard0: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images 160320c link true /test images
ci/prow/e2e-ocp-helm 160320c link true /test e2e-ocp-helm

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.39%. Comparing base (2cfd547) to head (160320c).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5050   +/-   ##
=======================================
  Coverage   55.39%   55.39%           
=======================================
  Files         122      122           
  Lines        2365     2365           
  Branches      563      544   -19     
=======================================
  Hits         1310     1310           
- Misses       1048     1049    +1     
+ Partials        7        6    -1     
Flag Coverage Δ
rhdh 55.39% <ø> (ø)

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2cfd547...160320c. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant