privilegedescalation/headlamp-argocd-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 2 Wiki Activity

Remove ineffective elliptic pnpm.overrides entry #49

Open
Gandalf the Greybeard wants to merge 2 commits from gandalf/remove-ineffective-elliptic-override into main
pull from: gandalf/remove-ineffective-elliptic-override
merge into: privilegedescalation:main
Conversation 2 Commits 2 Files Changed 2
+1 -3

2 Commits

Author SHA1 Message Date
Chris Farhood 42d14ad238 ci: re-trigger checks
CI / ci (pull_request) Failing after 1m10s
Details
CI / ci (push) Failing after 1m13s
Details
Promotion Gate / Promotion Gate (pull_request) Failing after 4m4s
Details
2026-05-31 00:14:04 +00:00
Gandalf the Greybeard 5986026abd Remove ineffective elliptic pnpm.overrides entry
CI / ci (pull_request) Failing after 1m13s
Details
Promotion Gate / Promotion Gate (pull_request) Failing after 4m4s
Details
CI / ci (push) Failing after 10m54s
Details
Promotion Gate / Promotion Gate (pull_request_review) Failing after 4m1s
Details 
The override "elliptic": ">=6.6.1" was added in PR #26 to address
GHSA-848j-6mx2-7j84 (CVE-2025-14505), but it is a no-op because
elliptic@6.6.1 IS the vulnerable version and no patched version exists.
No upstream fix is available — elliptic@6.6.1 is the latest release.

CTO decision: remove the no-op override, accept residual build-time risk.
Dependency is build-time only and not shipped to production.

Ref: PRI-1758, PRI-923
 2026-05-30 23:53:40 +00:00