Skip to content

Fix CVE-2026-33228 by updating flatted to patched version#708

Draft
sbouchet wants to merge 1 commit into
che-incubator:mainfrom
sbouchet:CVE-2026-33228
Draft

Fix CVE-2026-33228 by updating flatted to patched version#708
sbouchet wants to merge 1 commit into
che-incubator:mainfrom
sbouchet:CVE-2026-33228

Conversation

@sbouchet
Copy link
Copy Markdown
Collaborator

@sbouchet sbouchet commented May 15, 2026

What does this PR do?

Add flatted ^3.4.2 override in code/package.json to fix prototype pollution vulnerability via parse(). Update rebase add rule accordingly.

What issues does this PR fix?

this PR fixes CVE-2026-33228

How to test this PR?

Does this PR contain changes that override default upstream Code-OSS behavior?

  • the PR contains changes in the code folder (you can skip it if your changes are placed in a che extension )
  • the corresponding items were added to the CHANGELOG.md file
  • rules for automatic git rebase were added to the .rebase folder

@sbouchet @claude
Fix CVE-2026-33228 by updating flatted to patched version
8f2986e 
Add flatted ^3.4.2 override in code/package.json to fix prototype
pollution vulnerability via parse(). Update rebase add rule accordingly.

Signed-off-by: Stephane Bouchet <sbouchet@redhat.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stephane Bouchet <sbouchet@redhat.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026
edited
Loading

Click here to review and test in web IDE: Contribute

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-708-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-708-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-708-dev-amd64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgrunber rgrunber Awaiting requested review from rgrunber rgrunber will be requested when the pull request is marked ready for review rgrunber is a code owner

@azatsarynnyy azatsarynnyy Awaiting requested review from azatsarynnyy azatsarynnyy will be requested when the pull request is marked ready for review azatsarynnyy is a code owner

@RomanNikitenko RomanNikitenko Awaiting requested review from RomanNikitenko RomanNikitenko will be requested when the pull request is marked ready for review RomanNikitenko is a code owner

@vitaliy-guliy vitaliy-guliy Awaiting requested review from vitaliy-guliy vitaliy-guliy will be requested when the pull request is marked ready for review vitaliy-guliy is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sbouchet