fix: override lodash >=4.18.0 to patch code injection vulnerability #7

Merged
privilegedescalation-engineer[bot] merged 2 commits from fix/lodash-cve-ghsa-r5fr-rjxr-66jc into main 2026-05-04 03:24:01 +00:00

2 Commits

Author: Chris Farhood
SHA1: 351e05f052
Date: 2026-05-03 18:03:56 +00:00
Message:
Regenerate lockfile for lodash override
Co-Authored-By: Paperclip <noreply@paperclip.ing>

Author: Gandalf the Greybeard
SHA1: 741e158c40
Date: 2026-04-23 11:04:25 +00:00
Message:
fix: override lodash >=4.18.0 to patch code injection vulnerability
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>