Skip to content

OCPBUGS-94054: Upgrade fast-uri to v3.1.3#236

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
pcbailey:cve/94054--CVE-2026-13676--fast-uri--main
Jul 9, 2026
Merged

OCPBUGS-94054: Upgrade fast-uri to v3.1.3#236
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
pcbailey:cve/94054--CVE-2026-13676--fast-uri--main

Conversation

@pcbailey

@pcbailey pcbailey commented Jul 8, 2026

Copy link
Copy Markdown

Upgrade fast-uri to v3.1.3 to fix CVE-2026-13676.

Jira: https://redhat.atlassian.net/browse/OCPBUGS-94054

Summary by CodeRabbit

  • Chores
    • Updated a bundled package resolution to a newer patch version for improved reliability and maintenance.

@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jul 8, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@pcbailey: This pull request references Jira Issue OCPBUGS-94054, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lkladnit

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Upgrade fast-uri to v3.1.3 to fix CVE-2026-13676.

Jira: https://redhat.atlassian.net/browse/OCPBUGS-94054

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pcbailey

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 8, 2026
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 949e6345-b1ed-472d-9231-8e147f28af8d

📥 Commits

Reviewing files that changed from the base of the PR and between 19c58a7 and f3255bf.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Walkthrough

The overrides section in package.json updates the resolved version of the fast-uri dependency from 3.1.2 to 3.1.3. No other changes are made.

Changes

Dependency Override Update

Layer / File(s) Summary
Update fast-uri override version
package.json
The fast-uri override entry is bumped from version 3.1.2 to 3.1.3.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: upgrading fast-uri to version 3.1.3.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Only fast-uri override entries changed in package.json/package-lock.json; no test files or Ginkgo titles were added or modified.
Test Structure And Quality ✅ Passed PR only updates package.json/package-lock.json to bump fast-uri; no Ginkgo tests or test code changed, so this test-quality check is not applicable.
Microshift Test Compatibility ✅ Passed Only package.json/package-lock changed; no Ginkgo/e2e test files or test declarations were added, so MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo tests or test code were added; only package metadata/dependency overrides changed, so SNO compatibility is not implicated.
Topology-Aware Scheduling Compatibility ✅ Passed Only package.json and package-lock.json changed; no deployment manifests, operator code, or controllers were modified.
Ote Binary Stdout Contract ✅ Passed PR only updates fast-uri in package.json/package-lock.json; no process-level code or stdout-writing setup was added.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR only bumps fast-uri in package.json/package-lock; no Ginkgo tests or networking code were added.
No-Weak-Crypto ✅ Passed Patch only bumps fast-uri from 3.1.2 to 3.1.3 in package manifests; no MD5/SHA1/DES/RC4/ECB, custom crypto, or secret comparisons added.
Container-Privileges ✅ Passed PR only updates fast-uri in package.json/package-lock.json; no container/K8s manifests changed and no privileged/root settings were introduced.
No-Sensitive-Data-In-Logs ✅ Passed Only dependency overrides/lockfile entries changed for fast-uri; no logging code or sensitive data exposure was added.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-ci-robot

Copy link
Copy Markdown

@pcbailey: This pull request references Jira Issue OCPBUGS-94054, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lkladnit

Details

In response to this:

Upgrade fast-uri to v3.1.3 to fix CVE-2026-13676.

Jira: https://redhat.atlassian.net/browse/OCPBUGS-94054

Summary by CodeRabbit

  • Chores
  • Updated a bundled package resolution to a newer patch version for improved reliability and maintenance.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@pcbailey

pcbailey commented Jul 8, 2026

Copy link
Copy Markdown
Author

/retest

@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

@pcbailey: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Parthivk100

Copy link
Copy Markdown

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 80c9f56 into openshift:main Jul 9, 2026
4 checks passed
@openshift-ci-robot

Copy link
Copy Markdown

@pcbailey: Jira Issue OCPBUGS-94054: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-94054 has been moved to the MODIFIED state.

Details

In response to this:

Upgrade fast-uri to v3.1.3 to fix CVE-2026-13676.

Jira: https://redhat.atlassian.net/browse/OCPBUGS-94054

Summary by CodeRabbit

  • Chores
  • Updated a bundled package resolution to a newer patch version for improved reliability and maintenance.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants