fix: patch hono security advisories

2026-04-16 11:41:08 +00:00 · 2026-04-08 18:02:45 +01:00
parent bae64bb188
commit 1979a28803
3 changed files with 23 additions and 21 deletions
--- a/package.json
+++ b/package.json
@@ -1344,7 +1344,7 @@
    "gaxios": "7.1.4",
    "google-auth-library": "^10.6.2",
    "grammy": "^1.42.0",
-    "hono": "4.12.10",
+    "hono": "4.12.12",
    "https-proxy-agent": "^9.0.0",
    "ipaddr.js": "^2.3.0",
    "jimp": "^1.6.0",
@@ -1420,8 +1420,8 @@
  "pnpm": {
    "overrides": {
      "@anthropic-ai/sdk": "0.81.0",
-      "hono": "4.12.10",
-      "@hono/node-server": "1.19.10",
+      "hono": "4.12.12",
+      "@hono/node-server": "1.19.13",
      "axios": "1.13.6",
      "defu": "6.1.5",
      "fast-xml-parser": "5.5.7",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -6,8 +6,8 @@ settings:

 overrides:
  '@anthropic-ai/sdk': 0.81.0
-  hono: 4.12.10
-  '@hono/node-server': 1.19.10
+  hono: 4.12.12
+  '@hono/node-server': 1.19.13
  axios: 1.13.6
  defu: 6.1.5
  fast-xml-parser: 5.5.7
@@ -50,7 +50,7 @@ importers:
        version: 1.1.0
      '@buape/carbon':
        specifier: 0.14.0
-        version: 0.14.0(@discordjs/opus@0.10.0)(hono@4.12.10)(opusscript@0.1.1)
+        version: 0.14.0(@discordjs/opus@0.10.0)(hono@4.12.12)(opusscript@0.1.1)
      '@clack/prompts':
        specifier: ^1.2.0
        version: 1.2.0
@@ -148,8 +148,8 @@ importers:
        specifier: ^1.42.0
        version: 1.42.0
      hono:
-        specifier: 4.12.10
-        version: 4.12.10
+        specifier: 4.12.12
+        version: 4.12.12
      https-proxy-agent:
        specifier: ^9.0.0
        version: 9.0.0
@@ -498,7 +498,7 @@ importers:
    dependencies:
      '@buape/carbon':
        specifier: 0.14.0
-        version: 0.14.0(@discordjs/opus@0.10.0)(hono@4.12.10)(opusscript@0.1.1)
+        version: 0.14.0(@discordjs/opus@0.10.0)(hono@4.12.12)(opusscript@0.1.1)
      '@discordjs/voice':
        specifier: ^0.19.2
        version: 0.19.2(@discordjs/opus@0.10.0)(@emnapi/core@1.8.1)(@emnapi/runtime@1.9.1)(opusscript@0.1.1)
@@ -1930,11 +1930,11 @@ packages:
    resolution: {integrity: sha512-2F9N/15Q/GnoBXimr8PFg7fb1QrAQBvuZpaW2kseWOOy14Lzc3yZB1mT9N1Ju/4hlkboU33uHxtOxZkvkPoE/w==}
    hasBin: true

-  '@hono/node-server@1.19.10':
-    resolution: {integrity: sha512-hZ7nOssGqRgyV3FVVQdfi+U4q02uB23bpnYpdvNXkYTRRyWx84b7yf1ans+dnJ/7h41sGL3CeQTfO+ZGxuO+Iw==}
+  '@hono/node-server@1.19.13':
+    resolution: {integrity: sha512-TsQLe4i2gvoTtrHje625ngThGBySOgSK3Xo2XRYOdqGN1teR8+I7vchQC46uLJi8OF62YTYA3AhSpumtkhsaKQ==}
    engines: {node: '>=18.14.1'}
    peerDependencies:
-      hono: 4.12.10
+      hono: 4.12.12

  '@huggingface/jinja@0.5.6':
    resolution: {integrity: sha512-MyMWyLnjqo+KRJYSH7oWNbsOn5onuIvfXYPcc0WOGxU0eHUV7oAYUoQTl2BMdu7ml+ea/bu11UM+EshbeHwtIA==}
@@ -5137,8 +5137,8 @@ packages:
  highlight.js@10.7.3:
    resolution: {integrity: sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A==}

-  hono@4.12.10:
-    resolution: {integrity: sha512-mx/p18PLy5og9ufies2GOSUqep98Td9q4i/EF6X7yJgAiIopxqdfIO3jbqsi3jRgTgw88jMDEzVKi+V2EF+27w==}
+  hono@4.12.12:
+    resolution: {integrity: sha512-p1JfQMKaceuCbpJKAPKVqyqviZdS0eUxH9v82oWo1kb9xjQ5wA6iP3FNVAPDFlz5/p7d45lO+BpSk1tuSZMF4Q==}
    engines: {node: '>=16.9.0'}

  hookable@6.1.0:
@@ -8034,14 +8034,14 @@ snapshots:
    dependencies:
      css-tree: 3.2.1

-  '@buape/carbon@0.14.0(@discordjs/opus@0.10.0)(hono@4.12.10)(opusscript@0.1.1)':
+  '@buape/carbon@0.14.0(@discordjs/opus@0.10.0)(hono@4.12.12)(opusscript@0.1.1)':
    dependencies:
      '@types/node': 25.5.2
      discord-api-types: 0.38.37
    optionalDependencies:
      '@cloudflare/workers-types': 4.20260120.0
      '@discordjs/voice': 0.19.0(@discordjs/opus@0.10.0)(opusscript@0.1.1)
-      '@hono/node-server': 1.19.10(hono@4.12.10)
+      '@hono/node-server': 1.19.13(hono@4.12.12)
      '@types/bun': 1.3.6
      '@types/ws': 8.18.1
      ws: 8.19.0
@@ -8383,9 +8383,9 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  '@hono/node-server@1.19.10(hono@4.12.10)':
+  '@hono/node-server@1.19.13(hono@4.12.12)':
    dependencies:
-      hono: 4.12.10
+      hono: 4.12.12

  '@huggingface/jinja@0.5.6': {}

@@ -9061,7 +9061,7 @@ snapshots:

  '@modelcontextprotocol/sdk@1.29.0(zod@4.3.6)':
    dependencies:
-      '@hono/node-server': 1.19.10(hono@4.12.10)
+      '@hono/node-server': 1.19.13(hono@4.12.12)
      ajv: 8.18.0
      ajv-formats: 3.0.1(ajv@8.18.0)
      content-type: 1.0.5
@@ -9071,7 +9071,7 @@ snapshots:
      eventsource-parser: 3.0.6
      express: 5.2.1
      express-rate-limit: 8.3.2(express@5.2.1)
-      hono: 4.12.10
+      hono: 4.12.12
      jose: 6.2.2
      json-schema-typed: 8.0.2
      pkce-challenge: 5.0.1
@@ -11766,7 +11766,7 @@ snapshots:

  highlight.js@10.7.3: {}

-  hono@4.12.10: {}
+  hono@4.12.12: {}

  hookable@6.1.0: {}

--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -8,10 +8,12 @@ minimumReleaseAge: 2880

 minimumReleaseAgeExclude:
  - "acpx"
+  - "hono"
  - "openclaw"
  - "@buape/carbon"
  - "vite"
  - "@cloudflare/workers-types"
+  - "@hono/node-server"
  - "@mariozechner/*"
  - "@typescript/native-preview*"
  - "@oxlint/*"