fix: override lodash >=4.18.0 to patch code injection vulnerability #40

Merged
privilegedescalation-engineer[bot] merged 2 commits from fix/lodash-cve-ghsa-r5fr-rjxr-66jc into main 2026-05-03 23:24:52 +00:00

2 Commits

Author SHA1 Message Date
Chris Farhood 1d65d5137a merge: resolve conflict with main, combine lodash and vite overrides
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-03 23:17:53 +00:00
Gandalf the Greybeard a7daabe4a0 fix: override lodash >=4.18.0 to patch code injection vulnerability
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 10:58:22 +00:00
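
An added example, not code from this pull request or the project: one way to confirm that an override like the one described in the commit message leaves no lodash copy below 4.18.0 in the resolved tree. It assumes an npm package-lock.json (lockfileVersion 2 or 3, with a "packages" map); the function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for lodash copies older
// than the patched release named in the commit message (4.18.0).
const PATCHED = "4.18.0";

// Compare x.y.z versions numerically. Pre-release suffixes are ignored,
// so "4.18.0-rc.1" is treated the same as "4.18.0".
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed lodash below `patched`, keeping the lockfile path
// so the parent that pulled it in is visible.
function findVulnerableLodash(lock, patched = PATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Matches top-level and nested copies, but not lodash-es or scoped names
    if (!path.endsWith("node_modules/lodash")) continue;
    if (meta.version && cmpVersion(meta.version, patched) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: nested copy pulled in by @kinvolk/headlamp-plugin
const LOCK_BEFORE = { lockfileVersion: 3, packages: {
  "": { name: "example-plugin" },
  "node_modules/@kinvolk/headlamp-plugin": { version: "0.0.0" },
  "node_modules/@kinvolk/headlamp-plugin/node_modules/lodash": { version: "4.17.21" },
  "node_modules/lodash-es": { version: "4.17.21" },
} };

// Constructed sample: same tree after the override has been applied
const LOCK_AFTER = { lockfileVersion: 3, packages: {
  "": { name: "example-plugin" },
  "node_modules/@kinvolk/headlamp-plugin": { version: "0.0.0" },
  "node_modules/lodash": { version: "4.18.0" },
} };

console.log(findVulnerableLodash(LOCK_BEFORE), findVulnerableLodash(LOCK_AFTER));
```

Run as a CI step against the real lockfile, a non-empty result means some dependency path still resolves to an unpatched lodash.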