Add pnpm.overrides.elliptic to prevent version regression on
the transitive elliptic vulnerability (CVE-2025-14505).
Vulnerability path:
@kinvolk/headlamp-plugin → vite-plugin-node-polyfills →
node-stdlib-browser → crypto-browserify → browserify-sign → elliptic
Note: pnpm audit will still report the vulnerability until
upstream publishes elliptic 6.6.2+. This override safeguards
against pulling a worse version.
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
* fix: override lodash >=4.18.0 to patch code injection vulnerability
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: update package-lock.json to satisfy lodash override
The package.json override requires lodash >=4.18.0, but the lockfile
had 4.17.23. Regenerated lockfile with npm install --include=dev.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(e2e): scope heading locators to main content area
Cherry-picked from PR #50 to fix E2E test failures on lodash PR.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
---------
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
The package.json only listed @kinvolk/headlamp-plugin as a devDependency,
but CI runs tsc, eslint, prettier, and vitest which all require additional
packages. Add the same devDependencies used by the reference kube-vip plugin
and regenerate the lock file.
Also adds peerDependencies for react/react-dom to match the reference plugin
conventions.
Co-authored-by: Gandalf the Greybeard <gandalf-the-greybeard[bot]@users.noreply.github.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Artifact Hub listing was renamed with new repository ID
3c97f78a-26e3-4e8a-89e7-29884602e3d7. Updates package name,
sidebar entries, routes, archive URL, and documentation.
Refs: PRI-26
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove unsafe `as any` casts, fix MetricsPage fetch cancellation safety,
delete dead AppBarGpuBadge component, fix typo in data context, move
extractJsonData to module scope, resolve ESLint/Prettier indent conflict,
fix artifacthub-pkg.yml version mismatch and inaccurate description.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add missing config files (.eslintrc.js, .prettierrc.js, .pluginrc,
.mcp.json, renovate.json), documentation (CLAUDE.md, CONTRIBUTING.md,
README.md, SECURITY.md, LICENSE), CI/CD workflows (ci.yaml, release.yaml),
and Claude agent definitions. Rename package from headlamp-intel-gpu-plugin
to intel-gpu to match the short-name convention used by all other plugins.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Chris Farhood
privilegedescalation-engineer[bot]