privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

fix: override fast-uri to patched version to resolve 2 high severity CVEs (#159)

Browse Source 
Upgraded @kinvolk/headlamp-plugin from ^0.13.0 to ^0.14.0 and added
fast-uri >=3.1.2 to pnpm overrides to address:
- GHSA-q3j6-qgpj-74h6 (fast-uri path traversal, patched in >=3.1.1)
- GHSA-v39h-62p7-jpjc (fast-uri host confusion, patched in >=3.1.2)

Remaining 6 vulnerabilities (1 low, 5 moderate) are in transitive deps
without direct override paths and do not affect production runtime.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #159.
This commit is contained in:
privilegedescalation-engineer[bot]
2026-05-13 17:43:20 +00:00
committed by GitHub
parent 5744d9083f
commit f6a296df1b
2 changed files with 34 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
+3 -2
View File
@@ -37,11 +37,12 @@
"lodash": ">=4.18.0", "lodash": ">=4.18.0",
"picomatch": ">=4.0.4", "picomatch": ">=4.0.4",
"vite": ">=6.4.2", "vite": ">=6.4.2",
"elliptic": ">=6.6.1" "elliptic": ">=6.6.1",
"fast-uri": ">=3.1.2"
} }
}, },
"devDependencies": { "devDependencies": {
"@kinvolk/headlamp-plugin": "^0.13.0", "@kinvolk/headlamp-plugin": "^0.14.0",
"@mui/material": "^5.15.14", "@mui/material": "^5.15.14",
"@testing-library/jest-dom": "^6.4.8", "@testing-library/jest-dom": "^6.4.8",
"@testing-library/react": "^16.0.0", "@testing-library/react": "^16.0.0",
pnpm-lock.yaml
Generated
+31 -40
View File
@@ -12,6 +12,7 @@ overrides:
picomatch: '>=4.0.4' picomatch: '>=4.0.4'
vite: '>=6.4.2' vite: '>=6.4.2'
elliptic: '>=6.6.1' elliptic: '>=6.6.1'
fast-uri: '>=3.1.2'
importers: importers:
@@ -21,8 +22,8 @@ importers:
specifier: ^0.6.0 specifier: ^0.6.0
version: 0.6.0(@typescript-eslint/eslint-plugin@8.56.1(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1)(typescript@5.6.2))(eslint-config-prettier@9.1.2(eslint@8.57.1))(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1))(eslint-plugin-jsx-a11y@6.10.2(eslint@8.57.1))(eslint-plugin-react-hooks@4.6.2(eslint@8.57.1))(eslint-plugin-react@7.35.0(eslint@8.57.1))(eslint-plugin-simple-import-sort@12.1.1(eslint@8.57.1))(eslint-plugin-unused-imports@4.4.1(@typescript-eslint/eslint-plugin@8.56.1(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1))(eslint@8.57.1) version: 0.6.0(@typescript-eslint/eslint-plugin@8.56.1(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1)(typescript@5.6.2))(eslint-config-prettier@9.1.2(eslint@8.57.1))(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1))(eslint-plugin-jsx-a11y@6.10.2(eslint@8.57.1))(eslint-plugin-react-hooks@4.6.2(eslint@8.57.1))(eslint-plugin-react@7.35.0(eslint@8.57.1))(eslint-plugin-simple-import-sort@12.1.1(eslint@8.57.1))(eslint-plugin-unused-imports@4.4.1(@typescript-eslint/eslint-plugin@8.56.1(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1))(eslint@8.57.1)
'@kinvolk/headlamp-plugin': '@kinvolk/headlamp-plugin':
specifier: ^0.13.0 specifier: ^0.14.0
version: 0.13.1(@swc/core@1.15.18)(@types/debug@4.1.12)(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(csstype@3.2.3)(esbuild@0.25.12)(immer@11.1.4)(openapi-types@12.1.3)(redux@5.0.1)(rollup@4.59.0)(terser@5.46.0)(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12)) version: 0.14.0(@swc/core@1.15.18)(@types/debug@4.1.12)(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(csstype@3.2.3)(esbuild@0.25.12)(immer@11.1.4)(openapi-types@12.1.3)(redux@5.0.1)(rollup@4.59.0)(terser@5.46.0)(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12))
'@mui/material': '@mui/material':
specifier: ^5.15.14 specifier: ^5.15.14
version: 5.18.0(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) version: 5.18.0(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -603,8 +604,8 @@ packages:
peerDependencies: peerDependencies:
jsep: ^0.4.0||^1.0.0 jsep: ^0.4.0||^1.0.0
'@kinvolk/headlamp-plugin@0.13.1': '@kinvolk/headlamp-plugin@0.14.0':
resolution: {integrity: sha512-aoAGs5w8HIS43p3YBcjzkIWZZlh18b/e02d+r/rr6+99vc48vOd9tKAIBZMVg4j+cVzbPtL1+t1tDE/UdeHcWQ==} resolution: {integrity: sha512-oVIqpSzf2zZfZG44gwrGI8xTLImCIKupUJ26k7ZhVrFSUBY9Ga+R66tfCdN4Q/ShYha/8J+qlpy5ac9PjRq2KA==}
hasBin: true hasBin: true
'@mdx-js/react@3.1.1': '@mdx-js/react@3.1.1':
@@ -2939,8 +2940,8 @@ packages:
fast-levenshtein@2.0.6: fast-levenshtein@2.0.6:
resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==} resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
fast-uri@3.1.0: fast-uri@3.1.2:
resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==} resolution: {integrity: sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==}
fastq@1.20.1: fastq@1.20.1:
resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==} resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==}
@@ -4284,10 +4285,6 @@ packages:
resolution: {integrity: sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==} resolution: {integrity: sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==}
engines: {node: ^10 || ^12 || >=14} engines: {node: ^10 || ^12 || >=14}
postcss@8.5.8:
resolution: {integrity: sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==}
engines: {node: ^10 || ^12 || >=14}
prelude-ls@1.2.1: prelude-ls@1.2.1:
resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==} resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
engines: {node: '>= 0.8.0'} engines: {node: '>= 0.8.0'}
@@ -6093,7 +6090,7 @@ snapshots:
dependencies: dependencies:
jsep: 1.4.0 jsep: 1.4.0
'@kinvolk/headlamp-plugin@0.13.1(@swc/core@1.15.18)(@types/debug@4.1.12)(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(csstype@3.2.3)(esbuild@0.25.12)(immer@11.1.4)(openapi-types@12.1.3)(redux@5.0.1)(rollup@4.59.0)(terser@5.46.0)(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12))': '@kinvolk/headlamp-plugin@0.14.0(@swc/core@1.15.18)(@types/debug@4.1.12)(@typescript-eslint/parser@8.56.1(eslint@8.57.1)(typescript@5.6.2))(csstype@3.2.3)(esbuild@0.25.12)(immer@11.1.4)(openapi-types@12.1.3)(redux@5.0.1)(rollup@4.59.0)(terser@5.46.0)(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12))':
dependencies: dependencies:
'@apidevtools/swagger-parser': 10.1.1(openapi-types@12.1.3) '@apidevtools/swagger-parser': 10.1.1(openapi-types@12.1.3)
'@emotion/react': 11.14.0(@types/react@18.3.28)(react@18.3.1) '@emotion/react': 11.14.0(@types/react@18.3.28)(react@18.3.1)
@@ -7686,7 +7683,7 @@ snapshots:
ajv@8.18.0: ajv@8.18.0:
dependencies: dependencies:
fast-deep-equal: 3.1.3 fast-deep-equal: 3.1.3
fast-uri: 3.1.0 fast-uri: 3.1.2
json-schema-traverse: 1.0.0 json-schema-traverse: 1.0.0
require-from-string: 2.0.2 require-from-string: 2.0.2
@@ -8225,12 +8222,12 @@ snapshots:
css-loader@6.11.0(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12)): css-loader@6.11.0(webpack@5.105.4(@swc/core@1.15.18)(esbuild@0.25.12)):
dependencies: dependencies:
icss-utils: 5.1.0(postcss@8.5.8) icss-utils: 5.1.0(postcss@8.5.13)
postcss: 8.5.8 postcss: 8.5.13
postcss-modules-extract-imports: 3.1.0(postcss@8.5.8) postcss-modules-extract-imports: 3.1.0(postcss@8.5.13)
postcss-modules-local-by-default: 4.2.0(postcss@8.5.8) postcss-modules-local-by-default: 4.2.0(postcss@8.5.13)
postcss-modules-scope: 3.2.1(postcss@8.5.8) postcss-modules-scope: 3.2.1(postcss@8.5.13)
postcss-modules-values: 4.0.0(postcss@8.5.8) postcss-modules-values: 4.0.0(postcss@8.5.13)
postcss-value-parser: 4.2.0 postcss-value-parser: 4.2.0
semver: 7.7.4 semver: 7.7.4
optionalDependencies: optionalDependencies:
@@ -8934,7 +8931,7 @@ snapshots:
fast-levenshtein@2.0.6: {} fast-levenshtein@2.0.6: {}
fast-uri@3.1.0: {} fast-uri@3.1.2: {}
fastq@1.20.1: fastq@1.20.1:
dependencies: dependencies:
@@ -9392,9 +9389,9 @@ snapshots:
dependencies: dependencies:
safer-buffer: 2.1.2 safer-buffer: 2.1.2
icss-utils@5.1.0(postcss@8.5.8): icss-utils@5.1.0(postcss@8.5.13):
dependencies: dependencies:
postcss: 8.5.8 postcss: 8.5.13
ieee754@1.2.1: {} ieee754@1.2.1: {}
@@ -9647,7 +9644,7 @@ snapshots:
jest-worker@27.5.1: jest-worker@27.5.1:
dependencies: dependencies:
'@types/node': 20.19.37 '@types/node': 22.19.15
merge-stream: 2.0.0 merge-stream: 2.0.0
supports-color: 8.1.1 supports-color: 8.1.1
@@ -9885,7 +9882,7 @@ snapshots:
md5.js@1.3.5: md5.js@1.3.5:
dependencies: dependencies:
hash-base: 3.0.5 hash-base: 3.1.2
inherits: 2.0.4 inherits: 2.0.4
safe-buffer: 5.2.1 safe-buffer: 5.2.1
@@ -10501,26 +10498,26 @@ snapshots:
possible-typed-array-names@1.1.0: {} possible-typed-array-names@1.1.0: {}
postcss-modules-extract-imports@3.1.0(postcss@8.5.8): postcss-modules-extract-imports@3.1.0(postcss@8.5.13):
dependencies: dependencies:
postcss: 8.5.8 postcss: 8.5.13
postcss-modules-local-by-default@4.2.0(postcss@8.5.8): postcss-modules-local-by-default@4.2.0(postcss@8.5.13):
dependencies: dependencies:
icss-utils: 5.1.0(postcss@8.5.8) icss-utils: 5.1.0(postcss@8.5.13)
postcss: 8.5.8 postcss: 8.5.13
postcss-selector-parser: 7.1.1 postcss-selector-parser: 7.1.1
postcss-value-parser: 4.2.0 postcss-value-parser: 4.2.0
postcss-modules-scope@3.2.1(postcss@8.5.8): postcss-modules-scope@3.2.1(postcss@8.5.13):
dependencies: dependencies:
postcss: 8.5.8 postcss: 8.5.13
postcss-selector-parser: 7.1.1 postcss-selector-parser: 7.1.1
postcss-modules-values@4.0.0(postcss@8.5.8): postcss-modules-values@4.0.0(postcss@8.5.13):
dependencies: dependencies:
icss-utils: 5.1.0(postcss@8.5.8) icss-utils: 5.1.0(postcss@8.5.13)
postcss: 8.5.8 postcss: 8.5.13
postcss-selector-parser@7.1.1: postcss-selector-parser@7.1.1:
dependencies: dependencies:
@@ -10535,12 +10532,6 @@ snapshots:
picocolors: 1.1.1 picocolors: 1.1.1
source-map-js: 1.2.1 source-map-js: 1.2.1
postcss@8.5.8:
dependencies:
nanoid: 3.3.11
picocolors: 1.1.1
source-map-js: 1.2.1
prelude-ls@1.2.1: {} prelude-ls@1.2.1: {}
prettier@2.8.8: {} prettier@2.8.8: {}
@@ -11811,7 +11802,7 @@ snapshots:
chokidar: 3.6.0 chokidar: 3.6.0
p-map: 7.0.4 p-map: 7.0.4
picocolors: 1.1.1 picocolors: 1.1.1
tinyglobby: 0.2.15 tinyglobby: 0.2.16
vite: 8.0.10(@types/node@20.19.37)(esbuild@0.25.12)(terser@5.46.0)(yaml@2.8.2) vite: 8.0.10(@types/node@20.19.37)(esbuild@0.25.12)(terser@5.46.0)(yaml@2.8.2)
vite-plugin-svgr@4.5.0(rollup@4.59.0)(typescript@5.6.2)(vite@8.0.10(@types/node@20.19.37)(esbuild@0.25.12)(terser@5.46.0)(yaml@2.8.2)): vite-plugin-svgr@4.5.0(rollup@4.59.0)(typescript@5.6.2)(vite@8.0.10(@types/node@20.19.37)(esbuild@0.25.12)(terser@5.46.0)(yaml@2.8.2)):