From e20af6df40cc866f30fd3f651f09c91fd32bea5d Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 17 Mar 2026 09:45:25 +0100
Subject: [PATCH] fix(deps): override flatted to 3.4.1 to fix unbounded recursion DoS

Adds pnpm override for flatted to resolve GHSA-25h7-pfq9-p65f.
---
 frontend/package.json | 3 ++-
 frontend/pnpm-lock.yaml | 11 ++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/frontend/package.json b/frontend/package.json
index 53a99cc0d..7afb17590 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -168,7 +168,8 @@
 "minimatch": "^10.2.3",
 "rollup": "$rollup",
 "basic-ftp": "5.2.0",
- "serialize-javascript": "^7.0.3"
+ "serialize-javascript": "^7.0.3",
+ "flatted": "^3.4.1"
 }
 }
 }
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index 8e731b139..65e32b007 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -9,6 +9,7 @@ overrides: rollup: 4.59.0 basic-ftp: 5.2.0 serialize-javascript: ^7.0.3 + flatted: ^3.4.1 importers:
@@ -3976,8 +3977,8 @@ packages: flatpickr@4.6.13: resolution: {integrity: sha512-97PMG/aywoYpB4IvbvUJi0RQi8vearvU0oov1WW3k0WZPBMrTQVqekSX5CjSG/M4Q3i6A/0FKXC7RyAoAUUSPw==} - flatted@3.3.3: - resolution: {integrity: sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==} + flatted@3.4.1: + resolution: {integrity: sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==} flexsearch@0.8.212: resolution: {integrity: sha512-wSyJr1GUWoOOIISRu+X2IXiOcVfg9qqBRyCPRUdLMIGJqPzMo+jMRlvE83t14v1j0dRMEaBbER/adQjp6Du2pw==}
@@ -10769,18 +10770,18 @@ snapshots: flat-cache@4.0.1: dependencies: - flatted: 3.3.3 + flatted: 3.4.1 keyv: 4.5.4 flat-cache@6.1.20: dependencies: cacheable: 2.3.2 - flatted: 3.3.3 + flatted: 3.4.1 hookified: 1.15.1 flatpickr@4.6.13: {} - flatted@3.3.3: {} + flatted@3.4.1: {} flexsearch@0.8.212: {}
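Review bot: The new `"flatted": "^3.4.1"` entry in the overrides block of frontend/package.json is a caret range, while the subject line says the override is "to 3.4.1"; the lockfile resolves it to 3.4.1 today, but a later lockfile refresh can move it to any newer 3.x release. If an exact pin is intended, as the neighbouring `"basic-ftp": "5.2.0"` entry does, write `"flatted": "3.4.1"`; if a minimum version is intended, the range is fine and the subject could say "at least 3.4.1". JSON has no comments, so the reason for the override (GHSA-25h7-pfq9-p65f) lives only in this commit message; the lockfile shows flatted arriving through flat-cache, and the override should presumably be dropped once those packages require a fixed flatted themselves. The overrides object starts above the hunk.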