Fix for OCPBUGS-98164: CVE-2026-13676#1051
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: germanparente The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@germanparente was |
|
/jira refresh |
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@jgbernalp you are right. It was preventive but the best would be to close this PR and mark jira as not a bug. Apologies for the noise and thanks a lot for your review. |
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@jgbernalp in fact, it's better to re-open. Since the CVE in 4.17 needs to be fixed, I would say this preventive commit could make sense. Do you agree ? |
|
@germanparente: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/jira refresh |
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/jira refresh |
|
@germanparente: This pull request references Jira Issue OCPBUGS-98164, which is valid. The bug has been moved to the POST state. 7 validation(s) were run on this bug
Requesting review from QA contact: DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: germanparente. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Summary
fast-uri(CVSS 7.5)fast-urioverride pinned to3.1.3inweb/package.json(preventive — current dependency tree usesuri-jsviaajv6.12.6, but the override ensures protection if a future dependency update introducesfast-uri)🤖 Generated with Claude Code