fix: add elliptic override for GHSA-848j-6mx2-7j84

Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 18:08:21 +00:00
parent aa1db9215a
commit 5bc61a4e8d
2 changed files with 5 additions and 3 deletions
@@ -38,7 +38,8 @@
      "flatted": "^3.4.2",
      "lodash": ">=4.18.0",
      "picomatch": ">=4.0.4",
-      "vite": ">=6.4.2"
+      "vite": ">=6.4.2",
+      "elliptic": ">=6.6.1"
    }
  },
  "devDependencies": {