From 9904f8f4050f3d272f719a9e34dff92682b5cb59 Mon Sep 17 00:00:00 2001
From: Hugh Hackman <hugh@paperclip.ing>
Date: Wed, 18 Mar 2026 22:55:27 +0000
Subject: [PATCH 1/2] fix: add npm overrides for tar and undici security
 advisories

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 package.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package.json b/package.json
index ecbb8b0..7ad526b 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,10 @@
     "react": "^18.0.0",
     "react-dom": "^18.0.0"
   },
+  "overrides": {
+    "tar": "^7.5.11",
+    "undici": "^7.24.3"
+  },
   "devDependencies": {
     "@kinvolk/headlamp-plugin": "^0.13.0",
     "@testing-library/jest-dom": "^6.4.8",
-- 
2.52.0


From e0f0349a76f3c2ba74ab3ce019d646dfb7f6d593 Mon Sep 17 00:00:00 2001
From: Hugh Hackman <hugh@privilegedescalation.com>
Date: Wed, 18 Mar 2026 23:04:41 +0000
Subject: [PATCH 2/2] fix: regenerate package-lock.json for undici override

Resolves lockfile mismatch where undici@7.24.1 did not satisfy the
^7.24.3 override. Running npm install updated the resolved version
to undici@7.24.4.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9f88782..9b18986 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17050,9 +17050,9 @@
       }
     },
     "node_modules/undici": {
-      "version": "7.24.1",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.1.tgz",
-      "integrity": "sha512-5xoBibbmnjlcR3jdqtY2Lnx7WbrD/tHlT01TmvqZUFVc9Q1w4+j5hbnapTqbcXITMH1ovjq/W7BkqBilHiVAaA==",
+      "version": "7.24.4",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.4.tgz",
+      "integrity": "sha512-BM/JzwwaRXxrLdElV2Uo6cTLEjhSb3WXboncJamZ15NgUURmvlXvxa6xkwIOILIjPNo9i8ku136ZvWV0Uly8+w==",
       "dev": true,
       "license": "MIT",
       "engines": {
-- 
2.52.0