chore(deps-dev): bump flatted from 3.3.1 to 3.4.2 in /docs/guides/examples/counter-dapp/frontend#912
Conversation
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.1 to 3.4.2. - [Commits](WebReflection/flatted@v3.3.1...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
PR SummaryLow Risk Overview As part of the lockfile regeneration, it also updates metadata for Rollup’s platform-specific optional packages (removing their Written by Cursor Bugbot for commit 0156e18. This will update automatically on new commits. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "cpu": [ | ||
| "arm" | ||
| ], | ||
| "dev": true, |
There was a problem hiding this comment.
Rollup packages incorrectly lose dev-only classification
Low Severity
The lockfile regeneration for the flatted bump has a side effect: "dev": true was removed from all 16 @rollup/rollup-* platform-specific optional packages. These are build-tool binaries used only through vite (a devDependency), so they belong in the dev dependency tree. Without the dev flag, they'll be unnecessarily installed during production-only installs (npm install --omit=dev), increasing install time and size in production environments.
Additional Locations (1)
Bumps flatted from 3.3.1 to 3.4.2.
Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.