fix: override elliptic to patched version for GHSA-848j-6mx2-7j84
Security fix: pins transitive elliptic dependency to >=6.6.1 via pnpm.overrides to address GHSA-848j-6mx2-7j84. All pipeline gates satisfied: - CI: passed ✅ - UAT (Pixel Patty): approved ✅ (PRI-717 done) - QA (Regression Regina): approved ✅ (PRI-707 thread) - CTO (Null Pointer Nancy): approved ✅ (GitHub review) Source: PRI-707 / PRI-734 Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #56.
This commit is contained in:
privilegedescalation-engineer[bot]
committed by
GitHub
GitHub
parent
6459913304
commit
b4e6cb9367
+2
-1
@@ -33,7 +33,8 @@
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3",
|
||||
"lodash": ">=4.18.0",
|
||||
"vite": ">=6.4.2"
|
||||
"vite": ">=6.4.2",
|
||||
"elliptic": ">=6.6.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@headlamp-k8s/eslint-config": "^0.6.0",
|
||||
|
||||
Reference in New Issue
Block a user