Skip to content

chore(deps-dev): bump flatted from 3.3.3 to 3.4.2#11638

Merged
RomneyDa merged 1 commit intomainfrom
dependabot/npm_and_yarn/flatted-3.4.2
Mar 19, 2026
Merged

chore(deps-dev): bump flatted from 3.3.3 to 3.4.2#11638
RomneyDa merged 1 commit intomainfrom
dependabot/npm_and_yarn/flatted-3.4.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026
edited by cubic-dev-ai bot
Loading

Bumps flatted from 3.3.3 to 3.4.2.

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by cubic

Update dev dependency flatted from 3.3.3 to 3.4.2 to include a security fix (CWE-1321) and minor maintenance. Only package-lock.json changes; no runtime impact.

Written for commit 128916d. Summary will update on new commits.

@dependabot
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2
128916d 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 19, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 19, 2026 22:43
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 19, 2026
@dependabot dependabot bot requested review from Patrick-Erichsen and removed request for a team March 19, 2026 22:43
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Mar 19, 2026
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Mar 19, 2026
@continue
Copy link
Contributor

continue bot commented Mar 19, 2026

Docs Review: No documentation update needed.

This PR bumps a dev dependency (flatted 3.3.3 → 3.4.2) in package-lock.json. This change is internal to the build/tooling and has no impact on user-facing features, APIs, or developer workflows.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 19, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 19, 2026
@github-project-automation github-project-automation bot moved this from Todo to In Progress in Issues and PRs Mar 19, 2026
@RomneyDa RomneyDa merged commit ccc5047 into main Mar 19, 2026
66 of 67 checks passed
@RomneyDa RomneyDa deleted the dependabot/npm_and_yarn/flatted-3.4.2 branch March 19, 2026 23:16
@github-project-automation github-project-automation bot moved this from In Progress to Done in Issues and PRs Mar 19, 2026
@github-actions github-actions bot locked and limited conversation to collaborators Mar 19, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@RomneyDa RomneyDa RomneyDa approved these changes

@Patrick-Erichsen Patrick-Erichsen Awaiting requested review from Patrick-Erichsen Patrick-Erichsen is a code owner automatically assigned from continuedev/continue-code-reviewers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code lgtm This PR has been approved by a maintainer size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

Issues and PRs
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RomneyDa