From d1ac33944a6fa51716208d2cd5427ab94fe5690e Mon Sep 17 00:00:00 2001 From: Andriy Lysyuk Date: Sun, 22 Mar 2026 09:30:50 +0100 Subject: [PATCH] fix(security): bump flatted to 3.4.2 (ENG-13143) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - flatted 3.3.3 → 3.4.2 via overrides in examples/js/package.json (GHSA-rf6f-7fwh-wjgh, CVE-2026-33228, HIGH) Prototype Pollution via parse() Also resolves GHSA-25h7-pfq9-p65f (DoS via unbounded recursion, fixed 3.3.4) --- examples/js/package-lock.json | 6 +++--- examples/js/package.json | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json index df3a0b55..908d43fc 100644 --- a/examples/js/package-lock.json +++ b/examples/js/package-lock.json @@ -1397,9 +1397,9 @@ } }, "node_modules/flatted": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz", - "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz", + "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==", "dev": true, "license": "ISC" }, diff --git a/examples/js/package.json b/examples/js/package.json index 4643dca0..db868a48 100644 --- a/examples/js/package.json +++ b/examples/js/package.json @@ -25,6 +25,7 @@ }, "overrides": { "axios": ">=1.13.5", + "flatted": "^3.4.2", "minimatch": "^3.1.3" } }