Regenerate lockfile for lodash override

- Explicitly add lodash@4.18.1 to ensure override is respected - Regenerated pnpm-lock.yaml with resolved lodash@4.18.1 (CVE fix) Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: override lodash >=4.18.0 to patch code injection vulnerability
2026-05-03 22:27:36 +00:00 · 2026-05-03 22:27:30 +00:00 · 2026-05-03 17:44:08 +00:00 · 2026-04-15 04:00:27 +00:00
3 changed files with 1069 additions and 649 deletions
@@ -1,4 +1,4 @@
-version: "1.0.1"
+version: "1.0.2"
 name: headlamp-rook-plugin
 displayName: Rook Plugin
 createdAt: "2026-02-18T00:00:00Z"
@@ -35,7 +35,7 @@ changes:
    description: "Renovate: extend org-level config preset and add pinDigests for SHA pinning of GitHub Actions"

 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-rook-plugin/releases/download/v1.0.1/rook-1.0.1.tar.gz"
-  headlamp/plugin/archive-checksum: sha256:fb8d61060fd1c7340dc8c23931dd471e1451aeea8369a033bfa8bf54cd032ebb
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-rook-plugin/releases/download/v1.0.2/rook-1.0.2.tar.gz"
+  headlamp/plugin/archive-checksum: sha256:4f16cec3297968c7eb06e475a1c175503abf17134bd411fc86be1f18d9d27a48
  headlamp/plugin/distro-compat: ""
  headlamp/plugin/version-compat: ">=0.20"
@@ -1,6 +1,6 @@
 {
  "name": "rook",
-  "version": "1.0.1",
+  "version": "1.0.2",
  "description": "Headlamp plugin for Rook-Ceph cluster visibility and CSI driver monitoring",
  "repository": {
    "type": "git",
@@ -35,6 +35,7 @@
    "@types/react-dom": "^18.0.0",
    "eslint": "^8.57.0",
    "jsdom": "^24.0.0",
+    "lodash": "4.18.1",
    "notistack": "^3.0.0",
    "prettier": "^2.8.8",
    "react": "^18.3.1",
@@ -45,6 +46,8 @@
  },
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "vite": ">=6.4.2",
+    "lodash": ">=4.18.0"
  }
-}
+}
Author	SHA1	Message	Date
Chris Farhood	62bab0ffc3	Regenerate lockfile for lodash override - Explicitly add lodash@4.18.1 to ensure override is respected - Regenerated pnpm-lock.yaml with resolved lodash@4.18.1 (CVE fix) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-03 22:27:36 +00:00
Chris Farhood	dd730cc4cd	fix: override lodash >=4.18.0 to patch code injection vulnerability Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-03 22:27:30 +00:00
privilegedescalation-engineer[bot]	d44ae043c3	fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#37 ) Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-03 17:44:08 +00:00
privilegedescalation-engineer[bot]	39ed3ea90a	release: v1.0.2 (#36 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-15 04:00:27 +00:00