From 5bc61a4e8da44816d5ab69cac9820e64517e02a4 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 18:08:21 +0000 Subject: [PATCH] fix: add elliptic override for GHSA-848j-6mx2-7j84 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-Authored-By: Paperclip
---
 package.json | 3 ++- pnpm-lock.yaml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index 53e3789..059fa7d 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,8 @@
 "flatted": "^3.4.2",
 "lodash": ">=4.18.0",
 "picomatch": ">=4.0.4",
- "vite": ">=6.4.2"
+ "vite": ">=6.4.2",
+ "elliptic": ">=6.6.1"
 }
 },
 "devDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c7d8113..dc1d03a 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -11,6 +11,7 @@ overrides: lodash: '>=4.18.0' picomatch: '>=4.0.4' vite: '>=6.4.2' + elliptic: '>=6.6.1' importers:
@@ -6184,7 +6185,7 @@ snapshots: jsdom: 24.1.3 jsonpath-plus: 10.4.0 lodash: 4.18.1 - material-react-table: 2.13.3(330725fe5432f245d076f0c0dda1a7a7) + material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e) monaco-editor: 0.52.2 msw: 2.4.9(typescript@5.6.2) msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.2))
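Review bot: The added override `"elliptic": ">=6.6.1"` in the package.json hunk has no upper bound, and by the commit message its floor sits below the release expected to carry the fix (6.6.2+), so it neither remediates GHSA-848j-6mx2-7j84 nor prevents an untested future major of a crypto dependency from being resolved when the lockfile is regenerated. Bounding it to the current major, `"elliptic": "^6.6.1"`, keeps the anti-regression intent and still admits the patched 6.x release once it is published; the floor should then be raised to that version in a follow-up so the vulnerable 6.6.1 can no longer satisfy it. Because package.json cannot carry a comment, the reason for the override and the pending bump are best recorded in a tracking issue referenced from the commit. The overrides object opens above the hunk, so whether the neighbouring `>=` entries deserve the same bound cannot be judged from the visible lines.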
@@ -9896,7 +9897,7 @@ snapshots: '@types/minimatch': 3.0.5 minimatch: 3.1.5 - material-react-table@2.13.3(330725fe5432f245d076f0c0dda1a7a7): + material-react-table@2.13.3(0078ddeddc9e779fa84c03996c1db10e): dependencies: '@emotion/react': 11.14.0(@types/react@18.3.28)(react@18.3.1) '@emotion/styled': 11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@18.3.28)(react@18.3.1)