Skip to content

CVE-2026-12143: Remediate CVE-2026-12143 in form-data for ccd-case-activity-api#630

Open
hmcts-github-ccd[bot] wants to merge 1 commit into
masterfrom
cve-2026-12143-48d62fbf-95b4-45cc-9fdc-c013a33a9271
Open

CVE-2026-12143: Remediate CVE-2026-12143 in form-data for ccd-case-activity-api#630
hmcts-github-ccd[bot] wants to merge 1 commit into
masterfrom
cve-2026-12143-48d62fbf-95b4-45cc-9fdc-c013a33a9271

Conversation

@hmcts-github-ccd

Copy link
Copy Markdown
Contributor

Summary:
Remediated CVE-2026-12143 by updating the Yarn lock resolution for the production form-data 4.x path from 4.0.5 to 4.0.6 using vendored Yarn 4.16.0. Active Node was v20.20.2 from .nvmrc. yarn install --immutable passed. Final production audit was refreshed to yarn-audit-known-issues and no longer contains CVE-2026-12143, GHSA-hmw2-7cc7-3qxx, or form-data; it still exits 1 due unrelated existing production advisories. yarn run lint passed with the existing single no-console warning, and yarn run test passed with 72 passing. No build/compile script or Dockerfile-derived build script is configured.

Resolved CVEs: CVE-2026-12143

Plan ID: 48d62fbf-95b4-45cc-9fdc-c013a33a9271

Approved by: james

@dinesh1patel dinesh1patel left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant