chore: regenerate pnpm-lock.yaml with lodash >=4.18.0 override #41

Closed

privilegedescalation-engineer[bot] wants to merge 2 commits from gandalf/lodash-override-pnpm-lock into main

Author	SHA1	Message	Date
Chris Farhood	9af291a8fb	chore: regenerate pnpm-lock.yaml with lodash >=4.18.0 override Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-03 18:07:29 +00:00
Gandalf the Greybeard	a7daabe4a0	fix: override lodash >=4.18.0 to patch code injection vulnerability GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-23 10:58:22 +00:00

Author

SHA1

Message

Date

Chris Farhood

9af291a8fb

chore: regenerate pnpm-lock.yaml with lodash >=4.18.0 override

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-03 18:07:29 +00:00

Gandalf the Greybeard

a7daabe4a0

fix: override lodash >=4.18.0 to patch code injection vulnerability

GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-23 10:58:22 +00:00

chore: regenerate pnpm-lock.yaml with lodash >=4.18.0 override #41

2 Commits