fix: override lodash >=4.18.0 to patch code injection vulnerability #51

Merged
privilegedescalation-engineer[bot] merged 3 commits from fix/lodash-cve-ghsa-r5fr-rjxr-66jc into main 2026-05-03 17:44:15 +00:00

3 Commits

Author SHA1 Message Date
Gandalf the Greybeard d11ebd9105 fix(e2e): scope heading locators to main content area
Cherry-picked from PR #50 to fix E2E test failures on lodash PR.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-26 21:44:54 +00:00
Gandalf the Greybeard 6fd9b5d810 fix: update package-lock.json to satisfy lodash override
The package.json override requires lodash >=4.18.0, but the lockfile
had 4.17.23. Regenerated lockfile with npm install --include=dev.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-26 21:32:33 +00:00
Gandalf the Greybeard ecd1e4db29 fix: override lodash >=4.18.0 to patch code injection vulnerability
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 10:58:22 +00:00
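
Added example, not part of this PR or the project's own code: commit 6fd9b5d810 describes a lockfile that still pinned lodash 4.17.23 after the override was added to package.json. The check below scans a lockfile's `packages` map for any copy of lodash under the >=4.18.0 floor. The function names and the sample lockfile (including the nested path) are constructed for illustration, and a lockfileVersion 2/3 layout is assumed.

```javascript
// Parse the leading "x.y.z" of a version string; prerelease/build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts below `floor`. Unparseable versions count as
// failing so that they get looked at rather than silently passing.
function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Keys in the "packages" map look like "node_modules/a/node_modules/lodash".
// Match on the exact trailing segment so "lodash.merge" is not confused
// with "lodash", and return every installed copy below the floor.
function findStaleCopies(lock, name, floor) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => isBelow(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: the hoisted copy satisfies the override, a nested copy
// under the plugin dependency is still the old version.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-plugin" },
    "node_modules/lodash": { version: "4.18.0" },
    "node_modules/@kinvolk/headlamp-plugin/node_modules/lodash": { version: "4.17.23" },
    "node_modules/lodash.merge": { version: "4.6.2" },
  },
};

const stale = findStaleCopies(sampleLock, "lodash", "4.18.0");
for (const s of stale) console.log(`stale: ${s.path} @ ${s.version}`);
console.log(stale.length ? "FAIL: lockfile does not satisfy override" : "OK");
```

Run against a real lockfile by replacing `sampleLock` with the parsed contents of package-lock.json; a non-empty result in CI means the lockfile needs regenerating.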