fix: resolve 2 high-severity fast-uri CVEs in dev dependencies (PRI-521) #159

Merged
privilegedescalation-engineer[bot] merged 1 commit from fix/pri-521-fast-uri-vulnerabilities into main 2026-05-13 17:43:21 +00:00

1 Commit

Author SHA1 Message Date
Chris Farhood fe103ddaf6 fix: override fast-uri to patched version to resolve 2 high severity CVEs

Upgraded @kinvolk/headlamp-plugin from ^0.13.0 to ^0.14.0 and added
fast-uri >=3.1.2 to pnpm overrides to address:
- GHSA-q3j6-qgpj-74h6 (fast-uri path traversal, patched in >=3.1.1)
- GHSA-v39h-62p7-jpjc (fast-uri host confusion, patched in >=3.1.2)

Remaining 6 vulnerabilities (1 low, 5 moderate) are in transitive deps
without direct override paths and do not affect production runtime.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-13 12:48:02 +00:00
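
A check a reviewer can run after an override like the one in this commit, shown as an added example that is not part of the PR: it scans lockfile text for any resolved `fast-uri` entry below the `>=3.1.2` floor stated in the commit message. The function names, the package-key layouts the regex accepts, and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example, not from the PR: scan pnpm-lock.yaml text for fast-uri
// resolutions below the floor named in the commit message (>=3.1.2).
const MIN_SAFE = [3, 1, 2];

// Assumed package-key layouts across pnpm lockfile versions:
//   /fast-uri/3.0.1:   /fast-uri@3.0.1:   fast-uri@3.0.1:   'fast-uri@3.0.1':
const KEY_RE = /^\s*['"]?\/?fast-uri[@/](\d+)\.(\d+)\.(\d+)([^\s'":(]*)/gm;

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns the distinct fast-uri versions in lockText that sort below floor.
function findVulnerableFastUri(lockText, floor = MIN_SAFE) {
  const seen = new Set();
  const bad = [];
  for (const m of lockText.matchAll(KEY_RE)) {
    const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
    const label = parts.join('.') + m[4];
    if (seen.has(label)) continue; // v9 lockfiles repeat keys under snapshots:
    seen.add(label);
    const cmp = compareVersions(parts, floor);
    // A prerelease of the floor itself (3.1.2-rc.1) still sorts below it.
    if (cmp < 0 || (cmp === 0 && m[4].startsWith('-'))) bad.push(label);
  }
  return bad;
}

// Constructed sample: an override is declared, yet one stale entry remains.
const SAMPLE_LOCK = `
overrides:
  fast-uri: '>=3.1.2'

packages:
  some-dep@1.0.0:
    resolution: {integrity: sha512-PLACEHOLDER}

  fast-uri@3.0.1:
    resolution: {integrity: sha512-PLACEHOLDER}

  fast-uri@3.1.2:
    resolution: {integrity: sha512-PLACEHOLDER}
`;

console.log(findVulnerableFastUri(SAMPLE_LOCK));
```

An empty result means every resolved `fast-uri` entry in the lockfile meets the floor; feeding it the real `pnpm-lock.yaml` contents in CI turns the commit's claim into a repeatable gate.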