Skip to content

build(deps): bump flatted from 3.2.6 to 3.4.2 in /addons#1259

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/addons/flatted-3.4.2
Closed

build(deps): bump flatted from 3.2.6 to 3.4.2 in /addons#1259
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/addons/flatted-3.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026
edited
Loading

Bumps flatted from 3.2.6 to 3.4.2.

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 20, 2026
@meta-cla meta-cla bot added the CLA Signed label Mar 20, 2026
@meta-codesync
Copy link
Copy Markdown

meta-codesync bot commented Mar 20, 2026

@facebook-github-bot has imported this pull request. If you are a Meta employee, you can view this in D97544450. (Because this pull request was imported automatically, there will not be any future comments.)

@dependabot dependabot bot changed the title Bump flatted from 3.2.6 to 3.4.2 in /addons build(deps): bump flatted from 3.2.6 to 3.4.2 in /addons Mar 30, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/addons/flatted-3.4.2 branch from bd3ff47 to 154d7e9 Compare March 30, 2026 15:49
@facebook-github-tools
Copy link
Copy Markdown

facebook-github-tools bot commented Mar 30, 2026

@dependabot[bot] has updated the pull request. You must reimport the pull request before landing.

@dependabot
Bump flatted from 3.2.6 to 3.4.2 in /addons
ced7584 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.2.6 to 3.4.2.
- [Commits](WebReflection/flatted@v3.2.6...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/addons/flatted-3.4.2 branch from 154d7e9 to ced7584 Compare March 30, 2026 19:22
@facebook-github-tools
Copy link
Copy Markdown

facebook-github-tools bot commented Mar 30, 2026

@dependabot[bot] has updated the pull request. You must reimport the pull request before landing.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 2, 2026

Looks like flatted is no longer a dependency, so this is no longer needed.

@dependabot dependabot bot closed this Apr 2, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/addons/flatted-3.4.2 branch April 2, 2026 17:44
meta-codesync bot pushed a commit that referenced this pull request Apr 7, 2026
@bherila @meta-codesync
Bump vulnerable npm dependencies across all lockfiles (#1268)
472349a 
Summary:
Add yarn resolutions to force minimum safe versions for transitive
dependencies with known security vulnerabilities (dependabot alerts).

website/yarn.lock: babel/runtime (>=7.26.10), ajv (>=8.18.0),
brace-expansion (>=1.1.13), dompurify (>=3.3.2), flatted (>=3.4.2),
minimatch (>=3.1.4), picomatch (>=2.3.2), qs (>=6.14.2),
serialize-javascript (>=7.0.5), svgo (>=3.3.3), yaml (>=1.10.3)

addons/yarn.lock: babel/helpers (>=7.26.10), ajv (>=6.14.0),
flatted (>=3.4.2), handlebars (>=4.7.9), immutable (>=4.3.8),
picomatch (>=4.0.4), rollup (>=4.59.0), tmp (>=0.2.4), yaml (>=2.8.3)

contrib/yarn.lock: tootallnate/once (>=3.0.1),
serialize-javascript (>=7.0.5), underscore (>=1.13.8)

website/src/plugins/sapling-output/yarn.lock: minimatch (>=3.1.5)

addons/screenshot-tool/yarn.lock: basic-ftp (>=5.2.0),
minimatch (>=3.1.3)

Closes #1268
Closes #1267
Closes #1266
Closes #1265
Closes #1264
Closes #1263
Closes #1262
Closes #1259
Closes #1258
Closes #1245
Closes #1244
Closes #1243
Closes #1236
Closes #1234
Closes #1233
Closes #1232
Closes #1230
Closes #1222
Closes #1218

Differential Revision: D99231774

fbshipit-source-id: 4a11f9902ab34c8ad24d24f88206af74cc36a478
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CLA Signed dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants