fix: override elliptic for GHSA-848j-6mx2-7j84
* fix: add elliptic override for GHSA-848j-6mx2-7j84 Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-Authored-By: Paperclip <noreply@paperclip.ing> * chore: regenerate pnpm-lock.yaml with elliptic override --------- Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #142.
committed by
GitHub
parent
2d629809a2
commit
7a0c068a93
+2
-1
@@ -38,7 +38,8 @@
|
|||||||
"flatted": "^3.4.2",
|
"flatted": "^3.4.2",
|
||||||
"lodash": ">=4.18.0",
|
"lodash": ">=4.18.0",
|
||||||
"picomatch": ">=4.0.4",
|
"picomatch": ">=4.0.4",
|
||||||
"vite": ">=6.4.2"
|
"vite": ">=6.4.2",
|
||||||
|
"elliptic": ">=6.6.1"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
|||||||
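Review bot: The added `"elliptic": ">=6.6.1"` override sets only a lower bound, and by the commit description's own account 6.6.1 remains affected by GHSA-848j-6mx2-7j84 until a 6.6.2+ release exists, so this entry guards against regression but does not remediate the advisory. The open-ended range also allows a future major version of elliptic to be resolved beneath browserify-sign the next time the lockfile is regenerated; `"elliptic": "^6.6.1"` keeps the same floor while staying on the 6.x line, though the sibling overrides use the same `>=` form, so this may be a deliberate convention. JSON has no comment syntax, so the follow-up to raise the floor once the fixed release is published is best tracked in an issue linked from the pull request. The enclosing overrides object starts before the hunk.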
Generated
+1
@@ -11,6 +11,7 @@ overrides:
|
|||||||
lodash: '>=4.18.0'
|
lodash: '>=4.18.0'
|
||||||
picomatch: '>=4.0.4'
|
picomatch: '>=4.0.4'
|
||||||
vite: '>=6.4.2'
|
vite: '>=6.4.2'
|
||||||
|
elliptic: '>=6.6.1'
|
||||||
|
|
||||||
importers:
|
importers:
|
||||||
|
|
||||||
|
|||||||