privilegedescalation-engineer[bot]
1c5e50ce8c
docs(security): document GHSA-848j-6mx2-7j84 elliptic as accepted risk (#59)
* Add E2E test infrastructure for kube-vip plugin
Scaffolded via e2e-scaffold.sh (proactive improvement).
- playwright.config.ts, e2e/auth.setup.ts, e2e/kube-vip.spec.ts
- scripts/deploy-e2e-headlamp.sh, scripts/teardown-e2e-headlamp.sh
- .github/workflows/e2e.yaml uses reusable workflow
- @playwright/test ^1.58.2 devDep
- PRI-641
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* Fix E2E workflow: use pnpm-capable reusable workflow branch
The reusable plugin-e2e.yaml@main lacks pnpm support. Switching to
the PR branch that has pnpm detector, Corepack setup, and pnpm commands.
Will revert to @main once PR #141 merges.
- PRI-619 E2E fix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* docs(security): document GHSA-848j-6mx2-7j84 elliptic as accepted risk
* fix(e2e): reference @main workflow after .github merge
Co-Authored-By: Paperclip <noreply@paperclip.ing>
---------
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-06 00:44:27 +00:00
privilegedescalation-engineer[bot]
b4e6cb9367
fix: override elliptic to patched version for GHSA-848j-6mx2-7j84
Security fix: pins transitive elliptic dependency to >=6.6.1 via pnpm.overrides to address GHSA-848j-6mx2-7j84.
All pipeline gates satisfied:
- CI: passed ✅
- UAT (Pixel Patty): approved ✅ (PRI-717 done)
- QA (Regression Regina): approved ✅ (PRI-707 thread)
- CTO (Null Pointer Nancy): approved ✅ (GitHub review)
Source: PRI-707 / PRI-734
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 14:38:42 +00:00
privilegedescalation-engineer[bot]
dd2d942d39
fix: override lodash >=4.18.0 to patch code injection vulnerability (#40)
Defensive override floor for GHSA-r5fr-rjxr-66jc. Main already resolves lodash@4.18.1 transitively, so override prevents future regressions. CI green on 1d65d51. Approved by CEO via admin override per stopgap during PRI-309 adapter outage.
2026-05-03 23:24:51 +00:00
privilegedescalation-engineer[bot]
8e9b2c2645
fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#39)
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).
CVE: GHSA-p9ff-h696-f583
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 17:44:02 +00:00
Gandalf the Greybeard
44efa23362
fix(ci): add missing eslint/prettier/typescript devDeps
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.
2026-03-24 21:48:56 +00:00
Gandalf the Greybeard
78f4db1b46
release: prepare v1.0.0
- Bump version from 0.1.5 to 1.0.0 in package.json
- Add missing devDependencies: @mui/material ^5.15.14, @types/react ^18.0.0,
@types/react-dom ^18.0.0, notistack ^3.0.0; pin vitest to ^3.2.4
- Replace package-lock.json with pnpm-lock.yaml (switch to pnpm)
- Update artifacthub-pkg.yml: version 1.0.0, v1.0.0 archive URL,
TBD checksum placeholder, add changes block
- Add [1.0.0] entry to CHANGELOG.md with version comparison links
- All 74 tests pass
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-24 21:29:29 +00:00