Commit 98d9819

Merge pull request #515 from ndycode/fix/hono-4.12.21-security
fix(deps): bump hono 4.12.18 → 4.12.21 (resolves 4 Dependabot advisories)
2 parents d8306d5 + 3c35571 commit 98d9819

4 files changed

Lines changed: 11 additions & 11 deletions

README.md

Lines changed: 1 addition & 1 deletion
@@ -383,7 +383,7 @@ codex-multi-auth doctor --json
383383

384384
## Release Notes
385385

386-
- Current prerelease: [docs/releases/v2.3.0-beta.0.md](docs/releases/v2.3.0-beta.0.md) — install via `npm i -g codex-multi-auth@beta`
386+
- Current prerelease: [docs/releases/v2.3.0-beta.1.md](docs/releases/v2.3.0-beta.1.md) — install via `npm i -g codex-multi-auth@beta`
387387
- Current stable: [docs/releases/v2.2.2.md](docs/releases/v2.2.2.md) — install via `npm i -g codex-multi-auth`
388388
- Previous stable: [docs/releases/v2.2.1.md](docs/releases/v2.2.1.md)
389389
- Previous stable: [docs/releases/v2.2.0.md](docs/releases/v2.2.0.md)
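
Review bot: The new prerelease link on line 386 points to `docs/releases/v2.3.0-beta.1.md`, but that file is not among the four files changed here (README.md, SECURITY.md, package-lock.json, package.json), and the commit message describes only the hono bump. Confirm the beta.1 release note already exists on the base branch so the link does not 404, or move the release-pointer change into the commit that adds the note. The install hint `npm i -g codex-multi-auth@beta` is unchanged, so it is also worth confirming that the `beta` dist-tag resolves to a build containing hono 4.12.21 before the README advertises beta.1.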

SECURITY.md

Lines changed: 1 addition & 1 deletion
@@ -79,7 +79,7 @@ The following are not treated as vulnerabilities in this repository:
7979

8080
Security override rationale (`package.json` -> `overrides`):
8181

82-
- `hono`: pinned to `4.12.18` to keep builds out of the vulnerable `4.12.0-4.12.1` range reported in `GHSA-xh87-mx6m-69f3` (authentication bypass advisory).
82+
- `hono`: pinned to `4.12.21` to keep builds out of the vulnerable `<4.12.21` range reported in `GHSA-3hrh-pfw6-9m5x`, `GHSA-2gcr-mfcq-wcc3`, `GHSA-xrhx-7g5j-rcj5`, and `GHSA-f577-qrjj-4474` (Set-Cookie injection, `app.mount()` path-decoding, IPv6 IP-restriction bypass, and JWT scheme-acceptance advisories).
8383
- `rollup`: pinned to `^4.59.0` to keep the Vite and Vitest transitive graph above the vulnerable `<4.59.0` range surfaced by `npm audit`.
8484

8585
Before release and after dependency changes:
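
Review bot: The rewritten rationale on line 82 drops the earlier `GHSA-xh87-mx6m-69f3` (authentication bypass) reference entirely, so a reader can no longer see from SECURITY.md that the override also exists to stay clear of that advisory. 4.12.21 is above the `4.12.0-4.12.1` range the old text named, so the pin still covers it; consider keeping it as a short "also covers" clause. The four new advisory IDs and the four descriptions in the parenthesis are matched only by position; pairing each ID with its description directly (for example, an ID followed by its description in parentheses) would make the mapping unambiguous when one of them is later removed or reordered.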

package-lock.json

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 2 additions & 2 deletions
@@ -176,12 +176,12 @@
176176
"@codex-ai/plugin": "file:vendor/codex-ai-plugin",
177177
"@codex-ai/sdk": "file:vendor/codex-ai-sdk",
178178
"@openauthjs/openauth": "^0.4.3",
179-
"hono": "4.12.18",
179+
"hono": "4.12.21",
180180
"undici": "6.25.0",
181181
"zod": "4.4.3"
182182
},
183183
"overrides": {
184-
"hono": "4.12.18",
184+
"hono": "4.12.21",
185185
"flatted": "3.4.2",
186186
"minimatch": "10.2.4",
187187
"picomatch": "4.0.4",
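
Review bot: The hono version is written out twice as an exact string, once in the dependency block (line 179) and once under `overrides` (line 184), and the two have to be edited in lockstep on every security bump. npm lets an override reference the direct dependency's spec with a `$` prefix, so line 184 could read `"hono": "$hono"` and only line 179 would need to change next time, removing the chance of the override silently lagging behind the direct pin. Since package-lock.json is not rendered on this page, it is also worth checking with `npm ls hono` that every resolved copy in the tree is 4.12.21 after this change.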
