From f7d415e013a3a8acff2887cba6cdadddd9bb5192 Mon Sep 17 00:00:00 2001
From: Gandalf the Greybeard
Date: Wed, 18 Mar 2026 02:44:24 +0000
Subject: [PATCH] fix: add npm overrides for tar and undici security advisories

The dependency tree through @kinvolk/headlamp-plugin constrains tar (via pluginctl) and undici (via cheerio/i18next-parser). While the lockfile currently resolves to patched versions, Dependabot cannot auto-update these transitive deps. Adding explicit overrides ensures tar>=7.5.11 and undici>=7.24.3 are always resolved, preventing future Dependabot failures.

Fixes #64

Co-Authored-By: Paperclip
---
 package.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package.json b/package.json
index af4b245..361e4f6 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,10 @@
 "react": "^18.0.0",
 "react-dom": "^18.0.0"
 },
+ "overrides": {
+ "tar": "^7.5.11",
+ "undici": "^7.24.3"
+ },
 "devDependencies": {
 "@kinvolk/headlamp-plugin": "^0.13.0",
 "@mui/material": "^5.15.14",
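Review bot: The new `"overrides"` block is unscoped, so it forces every occurrence of `tar` and `undici` anywhere in the tree onto the 7.x majors, including any future dependency that declares an older major and is not compatible with the 7.x API; since the description says both packages are only reached through @kinvolk/headlamp-plugin, scoping the override to that parent limits the blast radius, e.g. `"overrides": { "@kinvolk/headlamp-plugin": { "tar": "^7.5.11", "undici": "^7.24.3" } },`. A caret range also means `>=7.5.11 <8`, not the unbounded `>=7.5.11` the message states, which is fine for the advisory fix but worth stating accurately in the commit text. Only package.json changes in this commit; presumably `package-lock.json` should be regenerated in the same change so that `npm ci` builds actually resolve through the overrides rather than the pre-existing lock entries — please confirm. Note also that `overrides` is honoured by npm only; if any consumer installs with yarn or pnpm the equivalent `resolutions` / `pnpm.overrides` entries would be needed.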