fix: add npm overrides for tar and undici security advisories #65

Merged

ghost merged 1 commits from fix/dep-security-overrides-tar-undici into main

2026-03-18 02:49:22 +00:00

Author	SHA1	Message	Date
Gandalf the Greybeard	f7d415e013	fix: add npm overrides for tar and undici security advisories The dependency tree through @kinvolk/headlamp-plugin constrains tar (via pluginctl) and undici (via cheerio/i18next-parser). While the lockfile currently resolves to patched versions, Dependabot cannot auto-update these transitive deps. Adding explicit overrides ensures tar>=7.5.11 and undici>=7.24.3 are always resolved, preventing future Dependabot failures. Fixes #64 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-18 02:44:24 +00:00

Author

SHA1

Message

Date

Gandalf the Greybeard

f7d415e013

fix: add npm overrides for tar and undici security advisories

The dependency tree through @kinvolk/headlamp-plugin constrains tar
(via pluginctl) and undici (via cheerio/i18next-parser). While the
lockfile currently resolves to patched versions, Dependabot cannot
auto-update these transitive deps. Adding explicit overrides ensures
tar>=7.5.11 and undici>=7.24.3 are always resolved, preventing
future Dependabot failures.

Fixes #64

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-18 02:44:24 +00:00

fix: add npm overrides for tar and undici security advisories #65

1 Commits