headlamp-tns-csi-plugin

privilegedescalation/headlamp-tns-csi-plugin

Archived

Fork 0

Commit Graph

Author	SHA1	Message	Date
privilegedescalation-engineer[bot]	0af2f24a27	fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#28 ) Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-03 17:44:12 +00:00
Gandalf the Greybeard	dc981feaa4	fix(ci): add missing eslint/prettier/typescript devDeps, fix tsconfig types Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8, typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does not expose transitive bins, so these must be direct deps. Remove vite/client and vite-plugin-svgr/client from tsconfig types; these are transitive deps pnpm does not hoist and polaris plugin omits them.	2026-03-24 21:49:17 +00:00
Gandalf the Greybeard	77586a98eb	release: prepare v1.0.0 - Bump version from 0.2.7 to 1.0.0 in package.json - Add missing devDependencies: @mui/material, @types/react, @types/react-dom, notistack; upgrade vitest to ^3.2.4 (matching reference polaris plugin) - Fix vitest.config.mts: add define block for process.env.NODE_ENV="test" to resolve act() errors in all 159 component tests - Remove package-lock.json; adopt pnpm-lock.yaml as canonical lock file - Update artifacthub-pkg.yml: version 1.0.0, new archive URL, TBD checksum, updated changes block describing this release - Update CHANGELOG.md: add [1.0.0] - 2026-03-24 entry documenting test infrastructure fixes, dependency additions, post-0.2.7 CI/workflow changes; update version comparison links Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-24 21:29:47 +00:00

Author

SHA1

Message

Date

privilegedescalation-engineer[bot]

0af2f24a27

fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#28 )

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-03 17:44:12 +00:00

Gandalf the Greybeard

dc981feaa4

fix(ci): add missing eslint/prettier/typescript devDeps, fix tsconfig types

Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.

Remove vite/client and vite-plugin-svgr/client from tsconfig types; these
are transitive deps pnpm does not hoist and polaris plugin omits them.

2026-03-24 21:49:17 +00:00

Gandalf the Greybeard

77586a98eb

release: prepare v1.0.0

- Bump version from 0.2.7 to 1.0.0 in package.json
- Add missing devDependencies: @mui/material, @types/react, @types/react-dom,
  notistack; upgrade vitest to ^3.2.4 (matching reference polaris plugin)
- Fix vitest.config.mts: add define block for process.env.NODE_ENV="test"
  to resolve act() errors in all 159 component tests
- Remove package-lock.json; adopt pnpm-lock.yaml as canonical lock file
- Update artifacthub-pkg.yml: version 1.0.0, new archive URL, TBD checksum,
  updated changes block describing this release
- Update CHANGELOG.md: add [1.0.0] - 2026-03-24 entry documenting test
  infrastructure fixes, dependency additions, post-0.2.7 CI/workflow changes;
  update version comparison links

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-24 21:29:47 +00:00

3 Commits