build(deps): bump flatted from 3.2.2 to 3.4.2

[dependabot]

Bumps flatted from 3.2.2 to 3.4.2.

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

@dependabot merge

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 duplication

Metric	Results
Duplication	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

This PR aims to upgrade the flatted library from 3.2.2 to 3.4.2 to mitigate a Prototype Pollution vulnerability (CWE-1321). While Codacy analysis reports that the change is 'up to standards', there are critical verification gaps.

The primary concern is that the current review context does not provide a visible diff for the version bump in the main dependency manifest, and there are no regression tests included to ensure that existing circular object parsing logic remains functional after the upgrade. These factors should be addressed before merging to ensure the security fix is properly applied and does not introduce breaking changes.

About this PR

• The version bump for 'flatted' in the manifest files cannot be verified from the current diff. Ensure that the version is correctly updated to 3.4.2 in both package.json and package-lock.json.
• There are no regression tests visible to confirm that the upgrade to version 3.4.2 does not break circular reference serialization/deserialization, which is the core functionality of this library.

Test suggestions

• Verify 'flatted' version bump in package.json and associated lock files.
• Execute regression tests for circular reference serialization/deserialization to ensure compatibility with version 3.4.2.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify 'flatted' version bump in package.json and associated lock files.
2. Execute regression tests for circular reference serialization/deserialization to ensure compatibility with version 3.4.2.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}