chore(deps): update eslint to fix flatted vulnerability #2575

Merged
Piyush-85 merged 2 commits into main from SEC-16542
Mar 31, 2026
@Piyush-85
Contributor

SEC-16542 Vulnerability Fix

Issue

Snyk vulnerability SEC-16542 in flatted package (versions 3.3.1, 3.3.3)

Root Cause

  • Vulnerable versions locked in pnpm-lock.yaml via: eslint → file-entry-cache → flat-cache@4.0.1 → flatted@^3.2.9
  • Lockfile resolved to vulnerable 3.3.x instead of fixed 3.4.2

Solution

Updated ESLint to 9.39.4 across all packages to force re-resolution of flatted to 3.4.2

Changes

Package Updates

| Package | ESLint Version Change |
| --- | --- |
| Root | 9.20.0 → 9.39.4 |
| e2e/test-app | 8.x → 9.39.4 |
| examples/with-next-intl | Added 9.39.4 |
| examples/with-shadcn | 9.13.0 → 9.39.4 |
| examples/with-mrrt | 9.13.0 → 9.39.4 |

TypeScript Fixes (with-next-intl)

  • Replaced as any with as (typeof routing.locales)[number] in:
    • app/[locale]/layout.tsx:15
    • src/i18n/request.ts:10

Verification

  • ✅ All lockfiles show flatted@3.4.2
  • ✅ Build successful (root + all examples)
  • ✅ Lint successful (root + all examples)
  • ✅ No dependency overrides needed

Result

SEC-16542 vulnerability resolved across entire repository with clean dependency resolution.

@Piyush-85 Piyush-85 requested a review from a team as a code owner March 25, 2026 14:43
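
The "All lockfiles show flatted@3.4.2" check in the description above can be scripted so a stale transitive resolution fails CI. This is an added example, not code from the pull request or the repository: `auditLock` and its helpers are hypothetical names, the lockfile excerpt is constructed, and treating every version below 3.4.2 as unfixed is an assumption.

```javascript
// Constructed pnpm-lock.yaml excerpt for illustration (not the repository's lockfile).
const SAMPLE_LOCK = `
lockfileVersion: '9.0'
packages:
  flat-cache@4.0.1:
    resolution: {integrity: sha512-CONSTRUCTED}
  flatted@3.3.1:
    resolution: {integrity: sha512-CONSTRUCTED}
  flatted@3.4.2:
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  flat-cache@4.0.1:
    dependencies:
      flatted: 3.3.1
  flatted@3.3.1: {}
`;

// Numeric major.minor.patch only; prerelease/build suffixes are ignored (simplification).
const parts = (v) => v.split(/[-+]/)[0].split('.').map(Number);

function lessThan(a, b) {
  const [x, y] = [parts(a), parts(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Collect every version of `pkg` that appears as a package key in the lockfile.
// Handles "pkg@1.2.3:", the older "/pkg@1.2.3:" form, quoted keys and peer suffixes.
function resolvedVersions(lockText, pkg) {
  const esc = pkg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(`^[ \\t]+['"]?/?${esc}@(\\d+\\.\\d+\\.\\d+[^:('"\\s]*)`, 'gm');
  const found = new Set([...lockText.matchAll(key)].map((m) => m[1]));
  return [...found].sort((a, b) => (lessThan(a, b) ? -1 : lessThan(b, a) ? 1 : 0));
}

// Hypothetical helper: flags any resolution below the fixed version (assumed threshold).
function auditLock(lockText, pkg, fixedVersion) {
  const resolved = resolvedVersions(lockText, pkg);
  const vulnerable = resolved.filter((v) => lessThan(v, fixedVersion));
  return { resolved, vulnerable, ok: vulnerable.length === 0 };
}

console.log(auditLock(SAMPLE_LOCK, 'flatted', '3.4.2'));
```

In a pipeline, pass the contents of each pnpm-lock.yaml in the workspace to `auditLock` and fail the job when `ok` is false.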
@codecov-commenter

codecov-commenter commented Mar 25, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.48%. Comparing base (6b272d1) to head (7568904).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2575   +/-   ##
=======================================
  Coverage   90.48%   90.48%           
=======================================
  Files          53       53           
  Lines        6684     6684           
  Branches     1403     1403           
=======================================
  Hits         6048     6048           
  Misses        624      624           
  Partials       12       12           

@Piyush-85 Piyush-85 merged commit d1fe0b8 into main Mar 31, 2026
9 checks passed
@Piyush-85 Piyush-85 deleted the SEC-16542 branch March 31, 2026 10:25
This was referenced Apr 7, 2026