fix: add elliptic override for GHSA-848j-6mx2-7j84 #30

Closed
privilegedescalation-engineer[bot] wants to merge 2 commits from fix/elliptic-override-ghsa-848j-6mx2-7j84 into main

2 Commits

Author SHA1 Message Date
Chris Farhood 1c8ae3ac53 ci: refresh runner state for PR #26
Trigger fresh CI run to rule out stale runner cache.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 18:36:41 +00:00
Chris Farhood 44d96aef57 fix: add elliptic override for GHSA-848j-6mx2-7j84
Add pnpm.overrides.elliptic to prevent version regression on
the transitive elliptic vulnerability (CVE-2025-14505).

Vulnerability path:
@kinvolk/headlamp-plugin → vite-plugin-node-polyfills →
node-stdlib-browser → crypto-browserify → browserify-sign → elliptic

Note: pnpm audit will still report the vulnerability until
upstream publishes elliptic 6.6.2+. This override safeguards
against pulling a worse version.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 18:07:58 +00:00
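
A CI guard for the regression the second commit message describes, as an added example that is not code from this PR or from the project: it fails when `pnpm.overrides.elliptic` is missing or when any resolved elliptic version is lower than the override, and separately reports whether the audit can be clean yet. The function names, the manifest and the resolved-version lists are constructed for illustration; only the 6.6.2 threshold comes from the commit message.

```javascript
// Added example (hypothetical helper names, constructed inputs).
// FIXED_IN is the threshold named in the commit message ("elliptic 6.6.2+").
const FIXED_IN = '6.6.2';

// Parse the leading x.y.z of a version string into numbers.
// Pre-release and build suffixes are ignored, so "6.6.2-rc.1" counts as 6.6.2.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not an x.y.z version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, like a sort comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// manifest: parsed package.json.
// resolved: every elliptic version present in the lockfile (collected by the caller).
function checkEllipticOverride(manifest, resolved) {
  const pin = manifest?.pnpm?.overrides?.elliptic;
  if (!pin) return { ok: false, reason: 'no pnpm.overrides.elliptic entry' };

  // Accept an exact pin or a simple range prefix such as ^, ~ or >=.
  const floor = pin.replace(/^[\^~>=\s]+/, '');
  const regressed = resolved.filter((v) => compareVersions(v, floor) < 0);
  if (regressed.length > 0) {
    return { ok: false, reason: `resolved below override: ${regressed.join(', ')}` };
  }

  // The override holds, but the audit stays red until everything is >= FIXED_IN.
  const auditClean = resolved.every((v) => compareVersions(v, FIXED_IN) >= 0);
  return { ok: true, auditClean };
}

// Constructed sample manifest; the pinned version is a placeholder, not the PR's value.
const sampleManifest = { pnpm: { overrides: { elliptic: '6.6.1' } } };
```
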