Fixes GHSA-rf6f-7fwh-wjgh (CWE-1321). Dev-only dependency via eslint → file-entry-cache → flat-cache → flatted.
@@ -50,6 +50,7 @@ All notable changes to Bambuddy will be documented in this file.
### Security
- **Bump pyOpenSSL 25.3.0 → 26.0.0** — Fixes CVE-2026-27448 (exception swallowing in TLS servername callback) and CVE-2026-27459 (buffer overflow in DTLS cookie callback).
- **Bump pyasn1 0.6.2 → 0.6.3** — Fixes CVE-2026-30922 (stack overflow from deeply nested ASN.1 structures).
+- **Bump flatted 3.4.1 → 3.4.2** — Fixes GHSA-rf6f-7fwh-wjgh (prototype pollution via `parse()`). Dev-only dependency (eslint).
## [0.2.2] - 2026-03-16
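Review bot: The added flatted entry says "Dev-only dependency (eslint)", which reads as if eslint depends on flatted directly, while the commit message gives the chain as eslint → file-entry-cache → flat-cache → flatted. Consider wording it as "transitive dev-only dependency via eslint" so a reader auditing the tree knows not to expect flatted among the direct dependencies. Because the package is transitive, it is also worth confirming that the lockfile change accompanying this entry actually resolves flatted to 3.4.2, since only the changelog line is visible in this hunk. The commit message cites CWE-1321 but the entry does not; adding it would make the entry searchable by weakness class.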