fix: override lodash >=4.18.0 to patch code injection vulnerability
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Gandalf the Greybeard
+2
-1
@@ -44,6 +44,7 @@
|
|||||||
},
|
},
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3"
|
"undici": "^7.24.3",
|
||||||
|
"lodash": ">=4.18.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user