fix(security): update flatted override to >=3.4.2#3010

Open
fro-bot wants to merge 1 commit into main from security/flatted-3.4.2-override

Conversation

fro-bot (Owner) commented Mar 22, 2026

Summary

Addresses GHSA-7rjr-3q8v-gx5v (HIGH severity) - Prototype Pollution via parse() in flatted.

Vulnerability: A regular expression in the parse() function of flatted version <= 3.4.1 can be exploited for prototype pollution, potentially allowing attackers to modify the global object prototype, leading to denial of service or arbitrary code execution.

Fix: Updates the pnpm override from >=3.4.0 to >=3.4.2 to ensure the patched version is used.

Changes

  • Updated pnpm.overrides.flatted from >=3.4.0 to >=3.4.2
  • Regenerated pnpm-lock.yaml

References

Test Plan

  • pnpm check-types passes
  • pnpm lint passes
  • pnpm check-format passes

Addresses GHSA-7rjr-3q8v-gx5v (HIGH severity)
Prototype Pollution via parse() in flatted.

The vulnerability affects versions <= 3.4.1.
This updates the pnpm override from >=3.4.0 to >=3.4.2.
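The test plan above runs type checks and lint but nothing confirms that the override actually took effect in the regenerated lockfile. The following is an added verification script, not part of this PR or the flatted project: it scans pnpm-lock.yaml for every resolved flatted version and reports any still below 3.4.2. It assumes the lockfile's package keys look like `flatted@3.4.2:` (pnpm v9) or `/flatted@3.4.2:` (older lockfile formats); the sample lockfile excerpt and its integrity hashes are constructed placeholders.

```javascript
// Added check (not part of this PR): find resolved flatted versions in a
// pnpm-lock.yaml that are still below the patched floor for GHSA-7rjr-3q8v-gx5v.
// Assumption: package keys look like "flatted@3.4.2:" or "/flatted@3.4.2:".

const MIN_SAFE_FLATTED = '3.4.2'; // first version not affected per the advisory

// Split "major.minor.patch[-prerelease]" into three numbers (suffix ignored).
function parseVersion(v) {
  return v.split('-')[0].split('.').map(Number);
}

// Negative if a < b, zero if equal, positive if a > b (numeric, not lexical,
// so 3.4.10 correctly sorts above 3.4.2).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Collect every resolved flatted version in the lockfile text and return the
// ones below minVersion, deduplicated and sorted ascending. An empty result
// means the override was honoured everywhere.
function findVulnerableFlatted(lockfileText, minVersion = MIN_SAFE_FLATTED) {
  const versions = new Set();
  const re = /^\s*\/?flatted@(\d+\.\d+\.\d+[^:\s]*):/gm;
  let m;
  while ((m = re.exec(lockfileText)) !== null) versions.add(m[1]);
  return [...versions]
    .filter((v) => compareVersions(v, minVersion) < 0)
    .sort(compareVersions);
}

// Constructed sample lockfile excerpt: one stale and one patched resolution.
const SAMPLE_LOCKFILE = `
packages:

  flatted@3.3.1:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}

  flatted@3.4.2:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
`;

const stale = findVulnerableFlatted(SAMPLE_LOCKFILE);
console.log(stale.length ? `still vulnerable: ${stale.join(', ')}` : 'all flatted resolutions patched');
```

Run it against the real lockfile by replacing SAMPLE_LOCKFILE with the file contents; a non-empty result means a transitive dependency still pins an unpatched flatted and the override or lockfile needs attention.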