privilegedescalation/headlamp-tns-csi-plugin
Archived
12
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases 13 Wiki Activity
83 Commits 18 Branches 13 Tags
11cbe6d7e0f7157db3a9f0190a6dcd25d5e89dbc
Commit Graph

5 Commits

Author SHA1 Message Date
Chris Farhood 40949dd3b5 fix: drop bogus direct lodash devDependency that conflicted with override 
The rebase added "lodash": "4.18.1" as a direct devDependency alongside
the >=4.18.0 override, which npm rejects with EOVERRIDE during the
headlamp-plugin build step. The plugin source does not import lodash;
the override alone is sufficient to patch the transitive CVE.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-04 02:57:31 +00:00
Chris Farhood f3401bbea3 Regenerate lockfile for lodash override 
- Explicitly add lodash@4.18.1 to ensure override is respected
- Regenerated pnpm-lock.yaml with resolved lodash@4.18.1 (CVE fix)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-04 02:57:31 +00:00
privilegedescalation-engineer[bot] 0af2f24a27 fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#28) 
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-03 17:44:12 +00:00
Gandalf the Greybeard dc981feaa4 fix(ci): add missing eslint/prettier/typescript devDeps, fix tsconfig types 
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.

Remove vite/client and vite-plugin-svgr/client from tsconfig types; these
are transitive deps pnpm does not hoist and polaris plugin omits them.
 2026-03-24 21:49:17 +00:00
Gandalf the Greybeard 77586a98eb release: prepare v1.0.0 
- Bump version from 0.2.7 to 1.0.0 in package.json
- Add missing devDependencies: @mui/material, @types/react, @types/react-dom,
  notistack; upgrade vitest to ^3.2.4 (matching reference polaris plugin)
- Fix vitest.config.mts: add define block for process.env.NODE_ENV="test"
  to resolve act() errors in all 159 component tests
- Remove package-lock.json; adopt pnpm-lock.yaml as canonical lock file
- Update artifacthub-pkg.yml: version 1.0.0, new archive URL, TBD checksum,
  updated changes block describing this release
- Update CHANGELOG.md: add [1.0.0] - 2026-03-24 entry documenting test
  infrastructure fixes, dependency additions, post-0.2.7 CI/workflow changes;
  update version comparison links

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-24 21:29:47 +00:00