fix: patch high-severity vulnerabilities in picomatch and vite #128

Merged
privilegedescalation-engineer[bot] merged 2 commits from gandalf/fix-vulns-picomatch-vite into main 2026-05-04 11:01:53 +00:00
4 changed files with 508 additions and 130 deletions
+1 -1
@@ -229,7 +229,7 @@ Headlamp v0.39.0 with default `watchPlugins: true` treats catalog-managed plugin
**Action Items:** **Action Items:**
- [ ] Parallelize test execution - [ ] Parallelize test execution
- [ ] Add npm cache to GitHub Actions - [ ] Add npm cache to GitHub Actions
- [ ] Integrate Dependabot - [x] Renovate is configured org-wide via `github>privilegedescalation/.github:renovate-config`
- [ ] Add semantic-release - [ ] Add semantic-release
--- ---
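Review bot: The checked entry that replaces `- [ ] Integrate Dependabot` is worded as a status statement, while every other entry under Action Items is an imperative task, so the list no longer reads consistently. Suggest something like `- [x] Integrate Renovate (org-wide preset)` with the preset reference kept in backticks. None of the visible hunks adds a Renovate config to this repository, and the PR title only mentions picomatch and vite, so the description should state how this repo inherits `github>privilegedescalation/.github:renovate-config`, or the documentation change should move to its own PR.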
+1 -1
@@ -212,7 +212,7 @@ If you discover a security vulnerability in this plugin, please report it via:
The project uses: The project uses:
- **npm audit**: Runs automatically during `npm install` - **npm audit**: Runs automatically during `npm install`
- **Dependabot**: GitHub Dependabot monitors dependencies and creates PRs for updates - **Renovate**: Automated dependency updates via Mend Renovate (org-wide configured)
- **GitHub Actions**: CI workflow runs `npm audit` on every commit - **GitHub Actions**: CI workflow runs `npm audit` on every commit
### Updating Dependencies ### Updating Dependencies
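Review bot: The new Renovate bullet loses what the Dependabot bullet told a reader of the security policy: that the tool monitors dependencies and creates PRs for updates. It also does not say whether security advisories still result in an update PR now that Dependabot is no longer listed. Suggest stating both explicitly, rewording "(org-wide configured)" to "configured org-wide", and naming the preset so the claim can be checked. If GitHub's vulnerability alerts are still relied on alongside Renovate, list that as its own bullet next to the `npm audit` entries.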
+3 -1
@@ -36,7 +36,9 @@
"tar": "^7.5.11", "tar": "^7.5.11",
"undici": "^7.24.3", "undici": "^7.24.3",
"flatted": "^3.4.2", "flatted": "^3.4.2",
"lodash": ">=4.18.0" "lodash": ">=4.18.0",
"picomatch": ">=4.0.4",
"vite": ">=6.4.2"
} }
}, },
"devDependencies": { "devDependencies": {
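Review bot: The two added entries, `"picomatch": ">=4.0.4"` and `"vite": ">=6.4.2"`, use open-ended ranges, so they set a floor but no ceiling and will accept any future major release of either package. The neighbouring `tar`, `undici` and `flatted` entries use caret ranges; `^4.0.4` and `^6.4.2` would pin the patched minimum while keeping resolution inside the current major. Because the key of the enclosing block is outside this hunk, please confirm these pins apply to transitive dependencies as intended and that no dependent package requires an older picomatch major that this floor would override. The commit should also cite the advisories being fixed, since neither the title nor the hunk identifies them, and the lockfile diff that would show the resolved versions is suppressed.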
+503 -127
File diff suppressed because it is too large