Skip to content

fix(deps): patch prototype pollution vulnerabilities in flatted and defu#385

Merged
skovhus merged 1 commit intomainfrom
fix/dependabot-security-alerts
Apr 10, 2026
Merged

fix(deps): patch prototype pollution vulnerabilities in flatted and defu#385
skovhus merged 1 commit intomainfrom
fix/dependabot-security-alerts

Conversation

@skovhus
Copy link
Copy Markdown
Owner

@skovhus skovhus commented Apr 10, 2026

Add pnpm overrides to resolve Dependabot alerts #12 (flatted >=3.4.2) and #22 (defu >=6.1.5). Both are transitive dev dependencies where upstream packages (flat-cache@4, tsdown) haven't published new versions bumping their ranges yet, so overrides are the appropriate fix.

@skovhus @claude
fix(deps): patch prototype pollution vulnerabilities in flatted and defu
52afe4d 
Add pnpm overrides to resolve Dependabot alerts #12 (flatted) and #22 (defu).
Both are transitive dev dependencies where upstream packages haven't bumped
their ranges yet.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 10, 2026

PR Preview Action v1.8.1

🚀 View preview at
https://skovhus.github.io/styled-components-to-stylex-codemod/pr-preview/pr-385/

Built to branch gh-pages at 2026-04-10 07:56 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

@skovhus skovhus enabled auto-merge (squash) April 10, 2026 07:58
@skovhus skovhus merged commit e39f77c into main Apr 10, 2026
6 checks passed
@skovhus skovhus deleted the fix/dependabot-security-alerts branch April 10, 2026 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skovhus