Skip to content

Upgrade flatted version from 3.1.1 to 3.4.2#7890

Merged
acwhite211 merged 1 commit intomainfrom
issue-7889
Apr 10, 2026
Merged

Upgrade flatted version from 3.1.1 to 3.4.2#7890
acwhite211 merged 1 commit intomainfrom
issue-7889

Conversation

@acwhite211
Copy link
Copy Markdown
Member

@acwhite211 acwhite211 commented Apr 2, 2026
edited
Loading

Fixes #7889
Fixes https://github.com/specify/specify7/security/dependabot/202

Upgrade dependent flatted version from 3.1.1 to 3.4.2 in the package-lock.json file. This will fix the packages that are dependent on the flatted package.

Checklist

  • Self-review the PR after opening it to make sure the changes look good and
    self-explanatory (or properly documented)
  • Add relevant issue to release milestone
  • Add pr to documentation list

Testing instructions

  • Light general testing. The upgraded module affects handling json data, so sampling random pages to make sure that they load without errors is sufficient.

@acwhite211 acwhite211 added this to the 7.12.1 milestone Apr 2, 2026
@github-project-automation github-project-automation bot moved this to 📋Back Log in General Tester Board Apr 2, 2026
@acwhite211 acwhite211 requested review from a team April 2, 2026 16:30
@acwhite211 acwhite211 marked this pull request as ready for review April 2, 2026 16:42
emenslin
emenslin approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@emenslin emenslin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Light general testing. The upgraded module affects handling json data, so sampling random pages to make sure that they load without errors is sufficient.

Looks good, I didn't run into any issues

@emenslin emenslin requested a review from a team April 2, 2026 17:08
Iwantexpresso
Iwantexpresso approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Iwantexpresso Iwantexpresso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Light general testing. The upgraded module affects handling json data, so sampling random pages to make sure that they load without errors is sufficient.

I have not ran into any issues!

@CarolineDenis CarolineDenis requested a review from alesan99 April 6, 2026 07:34
@acwhite211 acwhite211 merged commit 0c0502a into main Apr 10, 2026
14 checks passed
@acwhite211 acwhite211 deleted the issue-7889 branch April 10, 2026 00:59
@github-project-automation github-project-automation bot moved this from 📋Back Log to ✅Done in General Tester Board Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Iwantexpresso Iwantexpresso Iwantexpresso approved these changes

@CarolineDenis CarolineDenis CarolineDenis approved these changes

@emenslin emenslin emenslin approved these changes

@alesan99 alesan99 Awaiting requested review from alesan99

Assignees

No one assigned

Labels

None yet

Projects

General Tester Board
Status: ✅Done

Milestone

7.12.1

Development

Successfully merging this pull request may close these issues.

Solve prototype pollution via parse() in NodeJS with flatted version upgrade

4 participants

@acwhite211 @Iwantexpresso @CarolineDenis @emenslin