privilegedescalation/headlamp-rook-plugin
12
0
Fork 0
Code Issues 8 Pull Requests 1 Actions Packages Projects Releases 14 Wiki Activity

Compare commits

merge into: privilegedescalation/headlamp-rook-plugin:pr-38
Branches Tags
privilegedescalation/headlamp-rook-plugin:main privilegedescalation/headlamp-rook-plugin:gandalf/fix-echo-printf-pri-1757 privilegedescalation/headlamp-rook-plugin:dev privilegedescalation/headlamp-rook-plugin:gandalf/pri-1749-inline-release privilegedescalation/headlamp-rook-plugin:gandalf/pri-1750-inline-workflows privilegedescalation/headlamp-rook-plugin:gandalf/remove-installation-policy privilegedescalation/headlamp-rook-plugin:gandalf/pri-1636-inline-dual-approval privilegedescalation/headlamp-rook-plugin:inline-ci-edb7f04a privilegedescalation/headlamp-rook-plugin:uat privilegedescalation/headlamp-rook-plugin:gandalf/fix-pnpm-ignored-builds privilegedescalation/headlamp-rook-plugin:gandalf/fix-ci-lockfile privilegedescalation/headlamp-rook-plugin:hugh/normalize-e2e-workflow-to-main privilegedescalation/headlamp-rook-plugin:gandalf/fix-storage-classes-test privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-pri-935-storage-classes-button-role privilegedescalation/headlamp-rook-plugin:hugh/fix-configmap-naming-pri-907 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-deploy-step-pri-956 privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-pri-879 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-plugin-name-20260506123605 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-ref privilegedescalation/headlamp-rook-plugin:fix/elliptic-override-ghsa-848j-6mx2-7j84 privilegedescalation/headlamp-rook-plugin:gandalf/e2e-fix privilegedescalation/headlamp-rook-plugin:gandalf/fix-flaky-storage-class privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-rbac-cluster-scoped-permissions privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-storage-class-selector privilegedescalation/headlamp-rook-plugin:fix/elliptic-vulnerability-override privilegedescalation/headlamp-rook-plugin:e2e-infra-sync privilegedescalation/headlamp-rook-plugin:gandalf/add-e2e-infra privilegedescalation/headlamp-rook-plugin:gandalf/consolidate-e2e-pr privilegedescalation/headlamp-rook-plugin:pr-38 privilegedescalation/headlamp-rook-plugin:fix-lodash privilegedescalation/headlamp-rook-plugin:release/v1.0.1
privilegedescalation/headlamp-rook-plugin:v1.0.2 privilegedescalation/headlamp-rook-plugin:v1.0.1 privilegedescalation/headlamp-rook-plugin:v1.0.0 privilegedescalation/headlamp-rook-plugin:v0.2.8 privilegedescalation/headlamp-rook-plugin:v0.2.7 privilegedescalation/headlamp-rook-plugin:v0.2.6 privilegedescalation/headlamp-rook-plugin:v0.2.5 privilegedescalation/headlamp-rook-plugin:v0.2.4 privilegedescalation/headlamp-rook-plugin:v0.2.2 privilegedescalation/headlamp-rook-plugin:v0.2.1 privilegedescalation/headlamp-rook-plugin:v0.2.0 privilegedescalation/headlamp-rook-plugin:v0.1.3 privilegedescalation/headlamp-rook-plugin:v0.1.2 privilegedescalation/headlamp-rook-plugin:v0.1.1
..
pull from: privilegedescalation/headlamp-rook-plugin:fix-lodash
Branches Tags
privilegedescalation/headlamp-rook-plugin:gandalf/fix-echo-printf-pri-1757 privilegedescalation/headlamp-rook-plugin:dev privilegedescalation/headlamp-rook-plugin:gandalf/pri-1749-inline-release privilegedescalation/headlamp-rook-plugin:gandalf/pri-1750-inline-workflows privilegedescalation/headlamp-rook-plugin:main privilegedescalation/headlamp-rook-plugin:gandalf/remove-installation-policy privilegedescalation/headlamp-rook-plugin:gandalf/pri-1636-inline-dual-approval privilegedescalation/headlamp-rook-plugin:inline-ci-edb7f04a privilegedescalation/headlamp-rook-plugin:uat privilegedescalation/headlamp-rook-plugin:gandalf/fix-pnpm-ignored-builds privilegedescalation/headlamp-rook-plugin:gandalf/fix-ci-lockfile privilegedescalation/headlamp-rook-plugin:hugh/normalize-e2e-workflow-to-main privilegedescalation/headlamp-rook-plugin:gandalf/fix-storage-classes-test privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-pri-935-storage-classes-button-role privilegedescalation/headlamp-rook-plugin:hugh/fix-configmap-naming-pri-907 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-deploy-step-pri-956 privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-pri-879 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-plugin-name-20260506123605 privilegedescalation/headlamp-rook-plugin:hugh/fix-e2e-ref privilegedescalation/headlamp-rook-plugin:fix/elliptic-override-ghsa-848j-6mx2-7j84 privilegedescalation/headlamp-rook-plugin:gandalf/e2e-fix privilegedescalation/headlamp-rook-plugin:gandalf/fix-flaky-storage-class privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-rbac-cluster-scoped-permissions privilegedescalation/headlamp-rook-plugin:gandalf/fix-e2e-storage-class-selector privilegedescalation/headlamp-rook-plugin:fix/elliptic-vulnerability-override privilegedescalation/headlamp-rook-plugin:e2e-infra-sync privilegedescalation/headlamp-rook-plugin:gandalf/add-e2e-infra privilegedescalation/headlamp-rook-plugin:gandalf/consolidate-e2e-pr privilegedescalation/headlamp-rook-plugin:pr-38 privilegedescalation/headlamp-rook-plugin:fix-lodash privilegedescalation/headlamp-rook-plugin:release/v1.0.1
privilegedescalation/headlamp-rook-plugin:v1.0.2 privilegedescalation/headlamp-rook-plugin:v1.0.1 privilegedescalation/headlamp-rook-plugin:v1.0.0 privilegedescalation/headlamp-rook-plugin:v0.2.8 privilegedescalation/headlamp-rook-plugin:v0.2.7 privilegedescalation/headlamp-rook-plugin:v0.2.6 privilegedescalation/headlamp-rook-plugin:v0.2.5 privilegedescalation/headlamp-rook-plugin:v0.2.4 privilegedescalation/headlamp-rook-plugin:v0.2.2 privilegedescalation/headlamp-rook-plugin:v0.2.1 privilegedescalation/headlamp-rook-plugin:v0.2.0 privilegedescalation/headlamp-rook-plugin:v0.1.3 privilegedescalation/headlamp-rook-plugin:v0.1.2 privilegedescalation/headlamp-rook-plugin:v0.1.1

2 Commits
pr-38 .. fix-lodash

Author SHA1 Message Date
Chris Farhood 9836b5d070 Regenerate lockfile for lodash override 
- Explicitly add lodash@4.18.1 to ensure override is respected
- Regenerated pnpm-lock.yaml with resolved lodash@4.18.1 (CVE fix)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-03 18:28:22 +00:00
Gandalf the Greybeard 6c1fdec0f6 fix: override lodash >=4.18.0 to patch code injection vulnerability 
GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash
below 4.18.0. The vulnerable transitive dependency comes through
@kinvolk/headlamp-plugin.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-23 10:58:22 +00:00
2 changed files with 635 additions and 1050 deletions
Expand all files Collapse all files
package.json
+1 -2
View File
@@ -47,7 +47,6 @@
"overrides": {
"tar": "^7.5.11",
"undici": "^7.24.3",
"vite": ">=6.4.2",
"lodash": ">=4.18.0"
}
}
}
pnpm-lock.yaml
Generated
+634 -1048
View File
File diff suppressed because it is too large Load Diff