fix: update flatted and other deps to resolve CVE-2026-27904 #383

Draft
Copilot wants to merge 2 commits into main from copilot/fix-cve-2026-27904-issue

Copilot AI commented Mar 17, 2026

CVE-2026-27904 (GHSA-25h7-pfq9-p65f, high) affects flatted <3.4.0 via unbounded recursion DoS in parse(). Two additional moderate-severity advisories were also present.

Dependency updates (package-lock.json only)

| Package | Before | After | Advisory | Severity |
| --- | --- | --- | --- | --- |
| flatted | 3.3.3 | 3.4.2 | GHSA-25h7-pfq9-p65f | High |
| ajv | <6.14.0 | 6.14.0 | GHSA-2g4f-4pwh-qvx6 | Moderate |
| markdown-it | <14.1.1 | 14.1.1 | GHSA-38c4-r59v-3vqw | Moderate |

All are transitive dev dependencies. Resolved via npm audit fix; npm audit now reports 0 vulnerabilities.

Original prompt

There is a high severity cve-2026-27904 in this repo. Please address the issue
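
An added example, not part of the pull request or the repository: a check that a `package-lock.json` no longer resolves any copy, nested ones included, of the three packages below the versions named in the description above. It assumes a lockfileVersion 2 or 3 file (the `packages` map); the function names and the sample lockfile are constructed for illustration.

```javascript
// Minimum unaffected versions as stated in this PR's description and table.
// Other major release lines may have their own patched versions; not covered here.
const MINIMUMS = { flatted: "3.4.0", ajv: "6.14.0", "markdown-it": "14.1.1" };

// Compare plain x.y.z versions numerically; prerelease/build suffixes are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and return
// every installed copy (top-level or nested) older than its minimum.
function findOutdated(lock, minimums = MINIMUMS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // root project or linked entry
    const name = path.slice(idx + "node_modules/".length);
    const min = minimums[name];
    if (min && compareVersions(entry.version, min) < 0) {
      findings.push({ name, path, version: entry.version, min, dev: !!entry.dev });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from the repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/flatted": { version: "3.3.3", dev: true },
    "node_modules/ajv": { version: "6.14.0", dev: true },
    "node_modules/markdown-it": { version: "14.1.1", dev: true },
    "node_modules/flat-cache/node_modules/flatted": { version: "3.4.2", dev: true },
  },
};

console.log(findOutdated(sampleLock));
```

Run against the real lockfile by replacing `sampleLock` with the parsed contents of `package-lock.json`; an empty result means no copy is below the listed minimums.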

…pm audit fix

Co-authored-by: mimiflynn <414934+mimiflynn@users.noreply.github.com>
Copilot AI changed the title from "[WIP] [CVE-2026-27904] Fix high severity vulnerability" to "fix: update flatted and other deps to resolve CVE-2026-27904" on Mar 17, 2026
Copilot AI requested a review from mimiflynn March 17, 2026 19:16
@mimiflynn mimiflynn requested review from Copilot and removed request for mimiflynn March 24, 2026 12:54
Copilot AI left a comment

Copilot wasn't able to review any files in this pull request.

Copilot AI left a comment

Copilot wasn't able to review any files in this pull request.