From 44d96aef57db565cdbbea38f9f8a96c4ece58844 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 18:07:58 +0000 Subject: [PATCH 1/2] fix: add elliptic override for GHSA-848j-6mx2-7j84 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-Authored-By: Paperclip --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index eaf7886..753b3f1 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,8 @@ "overrides": { "tar": "^7.5.11", "undici": "^7.24.3", - "flatted": "^3.4.2" + "flatted": "^3.4.2", + "elliptic": ">=6.6.1" } }, "devDependencies": { -- 2.52.0 From 1c8ae3ac536eb572d0dd3b62053185cefe5699e9 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 18:36:41 +0000 Subject: [PATCH 2/2] ci: refresh runner state for PR #26 Trigger fresh CI run to rule out stale runner cache. Co-Authored-By: Paperclip --- pnpm-lock.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2e17be9..cebd31c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -8,6 +8,7 @@ overrides: tar: ^7.5.11 undici: ^7.24.3 flatted: ^3.4.2 + elliptic: '>=6.6.1' importers: @@ -6232,7 +6233,7 @@ snapshots: material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e) monaco-editor: 0.52.2 msw: 2.4.9(typescript@5.6.2) - msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.3)) + msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.2)) notistack: 3.0.2(csstype@3.2.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) path-browserify: 1.0.1 prettier: 2.8.8 @@ -10237,7 +10238,7 @@ snapshots: ms@2.1.3: {} - msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.3)): + msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.2)): dependencies: is-node-process: 1.2.0 msw: 2.4.9(typescript@5.6.2) -- 2.52.0