Skip to content

SCAN4NET-1149 Bump flatted from 3.3.1 to 3.4.2 in /its/projects/MultiLanguageSupportReact/ClientApp#3086

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/its/projects/MultiLanguageSupportReact/ClientApp/flatted-3.4.2
Closed

SCAN4NET-1149 Bump flatted from 3.3.1 to 3.4.2 in /its/projects/MultiLanguageSupportReact/ClientApp#3086
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/its/projects/MultiLanguageSupportReact/ClientApp/flatted-3.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 20, 2026

Bumps flatted from 3.3.1 to 3.4.2.

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump flatted in /its/projects/MultiLanguageSupportReact/ClientApp
e9d680e 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.1 to 3.4.2.
- [Commits](WebReflection/flatted@v3.3.1...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026
@dependabot dependabot Bot mentioned this pull request Mar 20, 2026
Closed
@sonar-review-alpha
Copy link
Copy Markdown

sonar-review-alpha Bot commented Mar 20, 2026
edited
Loading

Summary

This PR updates the flatted package from 3.3.1 to 3.4.2 in the MultiLanguageSupportReact ClientApp. The update includes a security fix for CWE-1321 (introduced in 3.4.2) along with minor improvements and bug fixes across 3.4.0–3.4.2 releases. Only package-lock.json is modified.

What reviewers should know

This is a routine dependency update. Review notes:

  • Security context: Version 3.4.2 patches CWE-1321. This is the key value of the update.
  • Scope: Changes are limited to one project's package-lock.json (auto-generated by npm). No code changes or new imports.
  • Compatibility: Dependabot shows a high compatibility score, indicating low risk of breakage.

No further testing is needed beyond standard CI checks — the package version change is purely additive.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod Bot changed the title Bump flatted from 3.3.1 to 3.4.2 in /its/projects/MultiLanguageSupportReact/ClientApp SCAN4NET-1149 Bump flatted from 3.3.1 to 3.4.2 in /its/projects/MultiLanguageSupportReact/ClientApp Mar 20, 2026
@hashicorp-vault-sonar-prod
Copy link
Copy Markdown

hashicorp-vault-sonar-prod Bot commented Mar 20, 2026
edited by atlassian Bot
Loading

SCAN4NET-1149

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 17, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/its/projects/MultiLanguageSupportReact/ClientApp/flatted-3.4.2 branch April 17, 2026 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alex-meseldzija-sonarsource