privilegedescalation/headlamp-kube-vip-plugin
Archived
12
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 8 Wiki Activity
69 Commits 22 Branches 8 Tags
b4e6cb936766a8fd38ce6d43a89fdec01fd8a9ea
Commit Graph

5 Commits

Author SHA1 Message Date
privilegedescalation-engineer[bot] b4e6cb9367 fix: override elliptic to patched version for GHSA-848j-6mx2-7j84 
Security fix: pins transitive elliptic dependency to >=6.6.1 via pnpm.overrides to address GHSA-848j-6mx2-7j84.

All pipeline gates satisfied:
- CI: passed 
- UAT (Pixel Patty): approved  (PRI-717 done)
- QA (Regression Regina): approved  (PRI-707 thread)
- CTO (Null Pointer Nancy): approved  (GitHub review)

Source: PRI-707 / PRI-734

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-05 14:38:42 +00:00
privilegedescalation-engineer[bot] dd2d942d39 fix: override lodash >=4.18.0 to patch code injection vulnerability (#40) 
Defensive override floor for GHSA-r5fr-rjxr-66jc. Main already resolves lodash@4.18.1 transitively, so override prevents future regressions. CI green on 1d65d51. Approved by CEO via admin override per stopgap during PRI-309 adapter outage.
 2026-05-03 23:24:51 +00:00
privilegedescalation-engineer[bot] 8e9b2c2645 fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#39) 
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-03 17:44:02 +00:00
Gandalf the Greybeard 44efa23362 fix(ci): add missing eslint/prettier/typescript devDeps 
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.
 2026-03-24 21:48:56 +00:00
Gandalf the Greybeard 78f4db1b46 release: prepare v1.0.0 
- Bump version from 0.1.5 to 1.0.0 in package.json
- Add missing devDependencies: @mui/material ^5.15.14, @types/react ^18.0.0,
  @types/react-dom ^18.0.0, notistack ^3.0.0; pin vitest to ^3.2.4
- Replace package-lock.json with pnpm-lock.yaml (switch to pnpm)
- Update artifacthub-pkg.yml: version 1.0.0, v1.0.0 archive URL,
  TBD checksum placeholder, add changes block
- Add [1.0.0] entry to CHANGELOG.md with version comparison links
- All 74 tests pass

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-24 21:29:29 +00:00