fix: add elliptic override for GHSA-848j-6mx2-7j84 (#70)
Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #70.
This commit is contained in:
privilegedescalation-engineer[bot]
committed by
GitHub
GitHub
parent
e212e601a9
commit
84c947ed69
+2
-1
@@ -53,7 +53,8 @@
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3",
|
||||
"vite": ">=6.4.2",
|
||||
"lodash": ">=4.18.0"
|
||||
"lodash": ">=4.18.0",
|
||||
"elliptic": ">=6.6.1"
|
||||
},
|
||||
"dependencies": {
|
||||
"node-forge": "^1.4.0"
|
||||
|
||||
Reference in New Issue
Block a user