From 4afa37ac8d5812f7b9cffe6270898d590e81a9b1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 16 Jun 2026 16:23:29 +0000
Subject: [PATCH] fix: update flatted to 3.4.2 to fix prototype pollution
 (GHSA-rf6f-7fwh-wjgh)

---
 package-lock.json | 9 +++++----
 package.json      | 1 +
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 98eb420..083425e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@
         "@actions/github": "^6.0.0",
         "@actions/io": "^1.1.3",
         "@actions/tool-cache": "^2.0.1",
+        "flatted": "^3.4.2",
         "uuid": "^9.0.1"
       },
       "devDependencies": {
@@ -3590,10 +3591,10 @@
       }
     },
     "node_modules/flatted": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-      "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
-      "dev": true
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+      "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
+      "license": "ISC"
     },
     "node_modules/for-each": {
       "version": "0.3.3",
diff --git a/package.json b/package.json
index 4b2b58a..2586d89 100644
--- a/package.json
+++ b/package.json
@@ -33,6 +33,7 @@
     "@actions/github": "^6.0.0",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.1",
+    "flatted": "^3.4.2",
     "uuid": "^9.0.1"
   },
   "devDependencies": {