
chore(deps-dev): bump devalue 5.6.3 → 5.6.4 (prototype pollution fix) #159

Closed
Copilot wants to merge 1 commit into dependabot/npm_and_yarn/npm_and_yarn-daaf7f4cc1 from copilot/sub-pr-152-6b1c0732-7511-4793-8cae-241bb4a9ecff


Copilot AI commented Mar 12, 2026

devalue 5.6.3 is vulnerable to prototype pollution via devalue.parse and devalue.unflatten (GHSA-cfw5-2vxh-hr84). 5.6.4 patches this.

Changes

  • package-lock.json (root): resolves devalue 5.6.4
  • web/svelte/package-lock.json: resolves devalue 5.6.4

Lock files only — no source changes.



Copilot AI changed the title from "[WIP] Update npm_and_yarn group with devalue 5.6.4" to "chore(deps-dev): bump devalue 5.6.3 → 5.6.4 (prototype pollution fix)" Mar 12, 2026
Copilot AI requested a review from kayodebristol March 12, 2026 23:37
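
A check a reviewer can run against the two lock files named in the description, as an added example that is not part of this PR or the project's code: it walks the `packages` map of a parsed `package-lock.json` (lockfileVersion 2 or 3 assumed) and reports every `devalue` copy, nested ones included, that resolves below 5.6.4. The sample lockfile and the `some-kit` package name are constructed.

```javascript
// Added example: flag devalue entries in an npm lockfile that resolve below 5.6.4.
const FIXED = [5, 6, 4]; // patched release named in the PR description

// Parse "x.y.z" into [x, y, z]; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// lock: parsed package-lock.json carrying a "packages" map (lockfileVersion 2/3).
// Returns one entry per devalue copy that is unparseable or older than FIXED.
function findVulnerableDevalue(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Matches the hoisted copy and copies nested under another package.
    if (!path.endsWith("node_modules/devalue")) continue;
    const parsed = parseVersion(meta.version);
    if (parsed === null || isBelow(parsed, FIXED)) {
      hits.push({ path, version: meta.version ?? null });
    }
  }
  return hits;
}

// Constructed sample: the hoisted copy is patched, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-sample" },
    "node_modules/devalue": { version: "5.6.4", dev: true },
    "node_modules/some-kit/node_modules/devalue": { version: "5.6.3", dev: true },
    "node_modules/not-devalue": { version: "1.0.0" },
  },
};

console.log(findVulnerableDevalue(SAMPLE_LOCK));
```

Pass it `JSON.parse` of each lock file's contents; an empty result means no `devalue` copy in that file is older than 5.6.4.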
@kayodebristol

Closing this PR to enforce the 1-PR-per-repo rule. Only one Copilot PR is allowed per repository at a time. The oldest PR (#151) will be kept active.
