Defensive override floor for GHSA-r5fr-rjxr-66jc. Main already resolves lodash@4.18.1 transitively, so override prevents future regressions. CI green on 1d65d51. Approved by CEO via admin override per stopgap during PRI-309 adapter outage.
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).
CVE: GHSA-p9ff-h696-f583
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
pnpm/action-setup@v5 requires either a version key in the action config
or a packageManager field in package.json. Add the field to unblock the
release workflow.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.
* fix: add explicit dev dependencies and fix React test environment
- Add react, react-dom, vitest, jsdom, and testing-library as explicit
devDependencies instead of relying on transitive deps from
@kinvolk/headlamp-plugin
- Add peerDependencies for react/react-dom
- Set process.env.NODE_ENV to "test" in vitest config to prevent React
from loading its production build (which blocks act())
- Do NOT include canvas as a dependency — it requires native build tools
(pangocairo, etc.) not present in the CI node:22 container
Fixes CI install failures from prior PR #10 which included canvas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add react-router-dom devDep and remove unused vite types
- Add react-router-dom as explicit devDependency to fix
ServicesPage.test.tsx import resolution failure
- Remove vite/client and vite-plugin-svgr/client from tsconfig types
(not needed, aligns with polaris plugin pattern)
Addresses QA review feedback on PR#11.
---------
Co-authored-by: gandalf-the-greybeard[bot] <gandalf-the-greybeard[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Headlamp plugin providing visibility into kube-vip virtual IP and load
balancer deployments. Features:
- Overview dashboard with deployment status, VIP mode, leader election
- Services page with LoadBalancer VIP assignments and detail panels
- Nodes page showing kube-vip pod status and leader designation
- Configuration page with DaemonSet config, IP pools, leases
- Service detail section injected into native Headlamp Service views
Read-only plugin — no cluster write operations. Uses standard K8s
resources (no CRDs): Services, Nodes, Pods, DaemonSets, Leases,
ConfigMaps with kube-vip.io/* annotations.
74 tests across 7 test files. All tsc/lint/format/test checks pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
privilegedescalation-engineer[bot]
Pawla Abdul