Regenerate lockfile for lodash override

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: override lodash >=4.18.0 to patch code injection vulnerability
2026-05-03 18:15:36 +00:00 · 2026-04-23 10:58:21 +00:00 · 2026-04-15 04:01:28 +00:00 · 2026-04-15 03:51:04 +00:00 · 2026-04-15 03:29:59 +00:00
4 changed files with 1174 additions and 757 deletions
@@ -16,3 +16,5 @@ jobs:
  dual-approval:
    uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
    secrets: inherit
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
@@ -1,6 +1,6 @@
 # Artifact Hub package metadata file
 # https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
-version: "1.0.1"
+version: "1.0.2"
 name: headlamp-sealed-secrets
 displayName: Sealed Secrets
 createdAt: "2026-02-12T00:00:00Z"
@@ -19,8 +19,8 @@ keywords:
  - encryption
  - security
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.1/sealed-secrets-1.0.1.tar.gz"
-  headlamp/plugin/archive-checksum: sha256:a7935aac260dd08d1363321e8d2320d9f9feee74e47bf51d95a6df4bd33f7f16
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.2/sealed-secrets-1.0.2.tar.gz"
+  headlamp/plugin/archive-checksum: sha256:0eaf34d380d133120d3a50c890e0c96b23717427887b1f23377a841cb3783b11
  headlamp/plugin/version-compat: ">=0.13.0"
  headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
 links:
@@ -73,4 +73,4 @@ maintainers:
 recommendations:
  - url: https://artifacthub.io/packages/helm/sealed-secrets/sealed-secrets
 provider:
-  name: privilegedescalation
+  name: privilegedescalation
@@ -1,6 +1,6 @@
 {
  "name": "sealed-secrets",
-  "version": "1.0.1",
+  "version": "1.0.2",
  "description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
  "files": [
    "dist",
@@ -51,7 +51,8 @@
  ],
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "lodash": ">=4.18.0"
  },
  "dependencies": {
    "node-forge": "^1.4.0"
Author	SHA1	Message	Date
Chris Farhood	2789b6eb47	Regenerate lockfile for lodash override Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-03 18:15:36 +00:00
Gandalf the Greybeard	5cbf0af261	fix: override lodash >=4.18.0 to patch code injection vulnerability GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-23 10:58:21 +00:00
privilegedescalation-engineer[bot]	780f58f9d9	release: v1.0.2 (#50 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-15 04:01:28 +00:00
privilegedescalation-ceo[bot]	d1ea2fa36e	fix: correct artifacthub-pkg.yml checksum on main for v1.0.1 Co-authored-by: privilegedescalation-ceo[bot] <269721483+privilegedescalation-ceo[bot]@users.noreply.github.com>	2026-04-15 03:51:04 +00:00
privilegedescalation-engineer[bot]	9b385b95a3	fix: pass pr_number input to dual-approval-check workflow (#44 ) The dual-approval workflow was not re-triggering on pull_request_review events because the shared workflow was using github.event.pull_request.number which is not available in workflow_call context. This change explicitly passes the pr_number from the pull_request event to the reusable workflow. Co-authored-by: Hugh Hackman <hugh@privilegedescalation.dev> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-04-15 03:29:59 +00:00