privilegedescalation/headlamp-argocd-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 2 Wiki Activity

fix: override lodash >=4.18.0 to patch code injection vulnerability

Browse Source 
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Gandalf the Greybeard
2026-04-23 11:04:25 +00:00
parent 59c176621f
commit 741e158c40
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
+4 -1
View File
@@ -56,5 +56,8 @@
"typescript": "~5.6.2",
"undici": "^7.24.3",
"vitest": "^3.0.5"
},
"overrides": {
"lodash": ">=4.18.0"
}
}
}