fix: override lodash >=4.18.0 to patch code injection vulnerability

GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 10:58:22 +00:00
parent ac3d9e87ca
commit a7daabe4a0
1 changed files with 2 additions and 1 deletions
@@ -31,7 +31,8 @@
  },
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "lodash": ">=4.18.0"
  },
  "devDependencies": {
    "@headlamp-k8s/eslint-config": "^0.6.0",