fix: override lodash >=4.18.0 to patch code injection vulnerability (#7)

* fix: override lodash >=4.18.0 to patch code injection vulnerability

GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Regenerate lockfile for lodash override

Co-Authored-By: Paperclip <noreply@paperclip.ing>

---------

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #7.
privilegedescalation-engineer[bot]
2026-05-04 03:24:00 +00:00
committed by GitHub
parent 59c176621f
commit 730f7cbe54
2 changed files with 6 additions and 3 deletions
+4 -1
@@ -56,5 +56,8 @@
"typescript": "~5.6.2",
"undici": "^7.24.3",
"vitest": "^3.0.5"
},
"overrides": {
"lodash": ">=4.18.0"
}
}
}
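Review bot: the range in the new `"overrides"` block, `"lodash": ">=4.18.0"`, has no upper bound, so the next lockfile regeneration can resolve to any later major release, one the packages that pull lodash in transitively were never written against. Bounding it to the patched 4.x line, for example `"lodash": "^4.18.0"`, keeps the fix while avoiding an unreviewed major bump. The override is also top-level and so applies to every dependent; since the commit message names @kinvolk/headlamp-plugin as the source of the vulnerable copy, consider nesting the override under that package, and record in the PR or README that it can be removed once the plugin itself depends on a patched lodash.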