diff --git a/osv-scanner.toml b/osv-scanner.toml
index 63f746a..6d593a8 100644
--- a/osv-scanner.toml
+++ b/osv-scanner.toml
@@ -73,3 +73,19 @@ reason = "tar@6.2.1 drive-relative path traversal; cpFromPod/cpToPod never calle
 [[IgnoredVulns]]
 id = "GHSA-r6q2-hw4h-h46w"
 reason = "tar@6.2.1 race condition on macOS APFS; cpFromPod/cpToPod never called from source code"
+
+[[IgnoredVulns]]
+id = "GHSA-2mjp-6q6p-2qxm"
+reason = "undici@5.29.0 HTTP smuggling via duplicate Content-Length; only makes requests with internally-constructed headers to trusted services"
+
+[[IgnoredVulns]]
+id = "GHSA-4992-7rv2-5pvq"
+reason = "undici@5.29.0 CRLF injection via upgrade option; upgrade option not used in this codebase"
+
+[[IgnoredVulns]]
+id = "GHSA-v9p9-hfj2-hcw8"
+reason = "undici@5.29.0 WebSocket crash via invalid server param; no WebSocket connections to untrusted servers"
+
+[[IgnoredVulns]]
+id = "GHSA-vrm6-8vpv-qv8q"
+reason = "undici@5.29.0 WebSocket decompression bomb; no WebSocket connections to untrusted servers"
diff --git a/yarn.lock b/yarn.lock
index 81373e0..affa3a8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4583,9 +4583,9 @@ flat-cache@^3.0.4:
 rimraf "^3.0.2"
 flatted@^3.1.0:
- version "3.2.7"
- resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.7.tgz#609f39207cb614b89d0765b477cb2d437fbf9787"
- integrity sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==
+ version "3.4.1"
+ resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.4.1.tgz#84ccd9579e76e9cc0d246c11d8be0beb019143e6"
+ integrity sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==
 follow-redirects@^1.15.11:
 version "1.15.11"
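Review bot: The four new `[[IgnoredVulns]]` entries for undici@5.29.0 carry no expiry, so suppressions justified by the code paths in use today ("upgrade option not used in this codebase", "no WebSocket connections to untrusted servers") will silently outlive the conditions they rest on. osv-scanner ignore entries accept an `ignoreUntil` local date; adding one to each entry, e.g. `ignoreUntil = YYYY-MM-DD  # placeholder: set to the next planned dependency review`, makes the scanner resurface the finding once that date passes instead of hiding it indefinitely. The reasons pin the version as `undici@5.29.0` without saying why the package is not simply upgraded; if it is a transitive dependency pulled in by something the lockfile change here does not touch, naming that parent in the reason would let the next reviewer check whether the ignore is still needed. For the first entry, the justification speaks to where requests are sent rather than to how duplicate Content-Length headers are parsed, so it would be worth confirming in the reason that the affected undici code path is request-side only.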