Skip to content

Bump flatted from 3.3.1 to 3.4.2#6418

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/flatted-3.4.2
Open

Bump flatted from 3.3.1 to 3.4.2#6418
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/flatted-3.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 25, 2026
edited
Loading

Bumps flatted from 3.3.1 to 3.4.2.

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2026
@dependabot dependabot Bot requested review from a team as code owners March 25, 2026 19:30
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2026
@dependabot dependabot Bot requested a review from ascorbic March 25, 2026 19:30
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 25, 2026

The generated output of @cloudflare/workers-types has been changed by this PR. If this is intentional, run just generate-types to update the snapshot. Alternatively, you can download the full generated types:

Full Type Diff 





      		
    

  





        


            

            
            

              
            

        

      


      

            
  
  

    
  
    
    

  

  

  


    












      

  
      



  

  @ascorbic






  



    

      

  

    

      

          
    
    

  


        
            
  
      
              Copy link

  

              
  
      
                Copy Markdown

  

        
      

    


    

        

  
    Contributor


        

    

  


  

    

      
          
      

      
            ascorbic
  

      

      

      commented


        Apr 15, 2026


      
    


  





      


        



  
    

      
          
@dependabot rebase


      		
    

  





        


            

            
            

              
            

        

      


      

            
  
  

    
  
    
    

  

  

  


    












      

  
          

  
  

  
      @dependabot
  dependabot
Bot

        force-pushed
    the
        
      
  dependabot/npm_and_yarn/flatted-3.4.2


    
 branch
    from
    4984841    to
    d8c6362      
    Compare
  



    April 15, 2026 13:08    
    









      

  
      



  

  @ascorbic






  



    

      

  

    

      

          
    
    

  


        
            
  
      
              Copy link

  

              
  
      
                Copy Markdown

  

        
      

    


    

        

  
    Contributor


        

    

  


  

    

      
          
      

      
            ascorbic
  

      

      

      commented


        Apr 20, 2026


      
    


  





      


        



  
    

      
          
@dependabot rebase


      		
    

  





        


            

            
            

              
            

        

      


      

            
  
  

    
  
    
    

  

  

  


    












      

  
        

  

      

  
  

  
          

  

    

      


  

      
        @dependabot
  




      

        
          Bump flatted from 3.3.1 to 3.4.2
        

          
                        
      


      

        

    
    
    

  

    


      


      

        

          

    
    
    

  

  

    
  



        

      


      

        
          1135d29
        
      

    

  

    

      
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.1 to 3.4.2.
- [Commits](WebReflection/flatted@v3.3.1...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

    







  








      

  
          

  
  

  
      @dependabot
  dependabot
Bot

        force-pushed
    the
        
      
  dependabot/npm_and_yarn/flatted-3.4.2


    
 branch
    from
    d8c6362    to
    1135d29      
    Compare
  



    April 20, 2026 09:08    
    




  



  
    
  
  

    

  ascorbic 

      added a commit
      that referenced
      this pull request

    
      Apr 20, 2026
    
    

      


  

    

      


  

      
        @ascorbic
  





      

        
          Gate googlesource cookie setup on cookie presence
        

          
            
          

      


      

          

    
    
    

  

      


      

          

    
    
    

  

  

    
  



      


      
      

        
          9fd16c0
        
      

    

  

    

      
The current check (head.repo.fork == false) lets Dependabot PRs through
because their branches live in-repo, but Dependabot-triggered workflows
don't have access to Actions secrets. GOOGLESOURCE_COOKIE ends up empty,
yet we still rewrite chromium.googlesource.com URLs to the authenticated
/a/ endpoint, which then fails every Bazel dependency fetch with
HTTP 400.

Gate on the input being non-empty instead. This naturally covers forks
(secrets not forwarded), Dependabot (no secret access), and local runs
(no cookie at all), falling back to the unauthenticated endpoint which
is slower / rate-limited but functional.

Fixes CI on Dependabot PRs, e.g. #6418.

    




    

  




  

  

    
  


  

      


    @ascorbic
ascorbic



    mentioned this pull request
    
      Apr 20, 2026
    





  


  

      
   Merged

  







  













  
  

    

      

  










  








  
      

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  










      

  

    
    

    

  

    Reviewers
  


    


      

          


  
      @ascorbic
  
    ascorbic


                Awaiting requested review from ascorbic

                    ascorbic is a code owner automatically assigned from cloudflare/wrangler

        
      


        

      At least 1 approving review is required to merge this pull request.
  








    
    
    

    

  


      
  

    Assignees
  



        


    No one assigned







      


  


  

    Labels
  



    

      

    dependencies

  Pull requests that update a dependency file
  

    javascript

  Pull requests that update Javascript code








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    

      
        

          
  

    Development
  



            


Successfully merging this pull request may close these issues.





  
  



      
    

  




      

    

  
        

  

    

      1 participant
    

    

        
          @ascorbic