fix: override fast-uri to patched version to resolve 2 high severity CVEs (#159)
Upgraded @kinvolk/headlamp-plugin from ^0.13.0 to ^0.14.0 and added fast-uri >=3.1.2 to pnpm overrides to address:
- GHSA-q3j6-qgpj-74h6 (fast-uri path traversal, patched in >=3.1.1)
- GHSA-v39h-62p7-jpjc (fast-uri host confusion, patched in >=3.1.2)
The remaining 6 vulnerabilities (1 low, 5 moderate) are in transitive deps without direct override paths and do not affect the production runtime.
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #159.
committed by
GitHub
parent
5744d9083f
commit
f6a296df1b
+3
-2
@@ -37,11 +37,12 @@
|
||||
"lodash": ">=4.18.0",
|
||||
"picomatch": ">=4.0.4",
|
||||
"vite": ">=6.4.2",
|
||||
"elliptic": ">=6.6.1"
|
||||
"elliptic": ">=6.6.1",
|
||||
"fast-uri": ">=3.1.2"
|
||||
}
|
||||
},
|
||||
"devDependencies": {
|
||||
"@kinvolk/headlamp-plugin": "^0.13.0",
|
||||
"@kinvolk/headlamp-plugin": "^0.14.0",
|
||||
"@mui/material": "^5.15.14",
|
||||
"@testing-library/jest-dom": "^6.4.8",
|
||||
"@testing-library/react": "^16.0.0",
|
||||
|
||||
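Review bot: The new `"fast-uri": ">=3.1.2"` override in the pnpm overrides block only takes effect once the lockfile is regenerated, and the +3/−2 count shown for this commit suggests no pnpm-lock.yaml change is included, so a CI install with a frozen lockfile would either fail or keep resolving the pre-3.1.2 fast-uri; if the lockfile was updated in a separate commit, disregard this. An open-ended `>=` range also lets a future major of fast-uri be pulled in without review, whereas `"fast-uri": "^3.1.2"` keeps the patched floor while staying within the current major. The `@kinvolk/headlamp-plugin` bump from `^0.13.0` to `^0.14.0` is a pre-1.0 minor change, which caret ranges treat as potentially breaking, so it is worth confirming the plugin still builds and its tests pass against the new version. Both the overrides object and devDependencies continue outside the hunk.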