chore: regenerate pnpm-lock.yaml for elliptic override

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: override elliptic to patched version for GHSA-848j-6mx2-7j84
2026-05-06 00:48:44 +00:00 · 2026-05-05 13:02:51 +00:00
3 changed files with 0 additions and 37 deletions
@@ -15,6 +15,4 @@ on:
 jobs:
  dual-approval:
    uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
-    with:
-      pr_number: ${{ github.event.pull_request.number }}
    secrets: inherit
@@ -1,15 +0,0 @@
-name: Renovate
-on:
-  schedule:
-    - cron: '0 3 * * *'
-  workflow_dispatch:
-jobs:
-  renovate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: renovatebot/github-action@v40.3.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          configurationFile: renovate.json
-          renovate-json5: true
@@ -1,20 +0,0 @@
-{
-  // Allowlist for inherited dev-dependency CVEs from @kinvolk/headlamp-plugin
-  // CTO decision (PRI-854): these high-severity vulns are dev/build-time only,
-  // trace to @kinvolk/headlamp-plugin transitive deps (Picomatch, Vite, lodash),
-  // and do NOT ship in production plugin artifacts.
-  "allowlist": [
-    {
-      "id": "GHSA-hhpm-516h-p3p6",
-      "reason": "Picomatch ReDoS: devDependency only, does not ship in production plugin bundle"
-    },
-    {
-      "id": "GHSA-36xf-7xpp-53w5",
-      "reason": "Vite arbitrary file read: devDependency only, does not ship in production plugin bundle"
-    },
-    {
-      "id": "GHSA-jf8v-p3pp-93qh",
-      "reason": "lodash code injection via _.template: devDependency only, does not ship in production plugin bundle"
-    }
-  ]
-}
Author	SHA1	Message	Date
Chris Farhood	070f2c9ebd	chore: regenerate pnpm-lock.yaml for elliptic override Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-06 00:48:44 +00:00
Chris Farhood	1c375c7ede	fix: override elliptic to patched version for GHSA-848j-6mx2-7j84	2026-05-05 13:02:51 +00:00