
fix(security): bump flatted 3.4.1 → 3.4.2 (ENG-13150)#42

Merged
colriot merged 2 commits into main from andriy/ENG-13150-fix-flatted-cve-2026-33228 on Mar 26, 2026

Conversation

@andriy-sudo
Contributor

Summary

Fixes prototype pollution vulnerability in flatted.

| Package | Old | New | Advisory | CVSS | Status |
|---|---|---|---|---|---|
| flatted | 3.4.1 | 3.4.2 | GHSA-2cf8-mfxv-f6r3 | 7.5 | ✅ Fixed |

Changes

  • Added "flatted": "^3.4.2" to overrides in package.json
  • Regenerated package-lock.json

Test plan

  • vulnerability-check CI passes
  • TruffleHog CI passes

Linear: ENG-13150

🤖 Generated with Claude Code

- flatted 3.4.1 → 3.4.2 (GHSA-2cf8-mfxv-f6r3/CVE-2026-33228, prototype pollution, CVSS 7.5)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
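An npm `overrides` entry only helps if every copy of the package in the regenerated lockfile actually resolves to the fixed version, including nested copies under other dependencies. The script below is an added example (not part of this PR or the repository) that checks both: it confirms the override is present in package.json and walks the lockfile's `packages` map (lockfileVersion 2 or 3 is assumed) for any resolved `flatted` below 3.4.2. The package.json and lockfile objects are constructed sample data.

```javascript
// Added example (not the PR's code): verify that an npm override took effect by
// checking every resolved copy of a package in the lockfile against a minimum
// fixed version. Assumes lockfileVersion 2/3, where "packages" is keyed by the
// node_modules path of each installed copy.

function parseVersion(v) {
  // Strip a leading ^ or ~ range operator, then read "major.minor.patch".
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// true when `have` is >= `min` under numeric major/minor/patch comparison.
function atLeast(have, min) {
  const a = parseVersion(have), b = parseVersion(min);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Returns every lockfile path where `name` resolves below `minVersion`.
// Nested copies (node_modules/x/node_modules/<name>) are the ones an override
// is meant to collapse, so they are checked too.
function findVulnerableCopies(lock, name, minVersion) {
  const bad = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry
    const isTarget = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (isTarget && !atLeast(entry.version, minVersion)) bad.push({ path, version: entry.version });
  }
  return bad;
}

// true when package.json carries exactly the override range the PR adds.
function hasOverride(pkg, name, range) {
  return (pkg.overrides || {})[name] === range;
}

// Constructed sample data mirroring the PR: package.json with the override, a
// lockfile before regeneration (a stale nested 3.4.1 copy) and one after.
const PKG = { name: 'app', overrides: { flatted: '^3.4.2' } };
const LOCK_BEFORE = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/flatted': { version: '3.4.2' },
  'node_modules/some-tool/node_modules/flatted': { version: '3.4.1' },
}};
const LOCK_AFTER = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/flatted': { version: '3.4.2' },
}};

console.log('override present:', hasOverride(PKG, 'flatted', '^3.4.2'));
console.log('before regen:', findVulnerableCopies(LOCK_BEFORE, 'flatted', '3.4.2'));
console.log('after regen:', findVulnerableCopies(LOCK_AFTER, 'flatted', '3.4.2'));
```

Run it against a real repository by replacing the constructed objects with `JSON.parse(fs.readFileSync('package.json'))` and the same for `package-lock.json`; a non-empty result means the override did not reach every copy.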
@andriy-sudo andriy-sudo requested a review from colriot March 22, 2026 08:44
@coderabbitai

coderabbitai Bot commented Mar 22, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 38b6609e-b315-4ced-a070-a40f3003e1b8

📥 Commits

Reviewing files that changed from the base of the PR and between a68cfad and 4d01fd2.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

📝 Walkthrough

The package.json file was updated to add a dependency override for the flatted package, constraining it to version ^3.4.2. This override was added alongside the existing override for minimatch. The change modifies only the overrides configuration and does not affect other package metadata, dependency lists, or scripts.

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: bumping flatted from 3.4.1 to 3.4.2 to fix a security vulnerability, with a clear reference to the ticket. |
| Description check | ✅ Passed | The description is directly related to the changeset, providing context about the security vulnerability, package versions, and testing requirements. |


@colriot colriot merged commit 491e73d into main Mar 26, 2026
4 checks passed
@colriot colriot deleted the andriy/ENG-13150-fix-flatted-cve-2026-33228 branch March 26, 2026 12:56