chore(deps): bump the npm_and_yarn group across 5 directories with 4 updates by dependabot[bot] · Pull Request #16 · astack-tech/astack

dependabot · 2026-02-20T03:30:50Z

Bumps the npm_and_yarn group with 1 update in the /examples/agent-in-aws-bedrock-agent-core directory: hono.
Bumps the npm_and_yarn group with 2 updates in the /examples/serve-astack directory: fastify and next.
Bumps the npm_and_yarn group with 1 update in the /examples/serve-astack/frontend directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/simple-browser-use directory: undici.
Bumps the npm_and_yarn group with 1 update in the /website directory: next.

Updates hono from 4.10.7 to 4.11.10

Release notes

Sourced from hono's releases.

v4.11.10

What's Changed

fix: fixed to be more properly timing safe (Merge commit from fork 91def7ca)

Full Changelog: honojs/hono@v4.11.9...v4.11.10

v4.11.9

What's Changed

fix(url): ignore fragment identifiers in getPath() by @sano-suguru in honojs/hono#4627

fix: determine if rendered or not by node.vC[0] instead of referring to node.pP by @usualoma in honojs/hono#4663

Full Changelog: honojs/hono@v4.11.8...v4.11.9

v4.11.8

What's Changed

fix(jsx): preserve context when using await before html helper by @kaigritun in honojs/hono#4662

fix(bearer-auth): make auth-scheme case-insensitive by @bytaesu in honojs/hono#4659

New Contributors

@kaigritun made their first contribution in honojs/hono#4662

Full Changelog: honojs/hono@v4.11.7...v4.11.8

v4.11.7

Security Release

This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.

Components

IP Restriction Middleware

Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.

Cache Middleware

Fixed an issue where responses marked with Cache-Control: private or no-store could be cached, potentially leading to information disclosure on some runtimes.

Serve Static Middleware (Cloudflare Workers adapter)

Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.

hono/jsx ErrorBoundary

Fixed a reflected Cross-Site Scripting (XSS) issue in the ErrorBoundary component that could occur when untrusted strings were rendered without proper escaping.

Recommendation

Users are encouraged to upgrade to this release, especially if they:

... (truncated)

Commits

a40d210 4.11.10
91def7c Merge commit from fork
8b17935 test(types): add regression tests for #4388 (routes before .use() with explic...
4a03f4f doc(jwt): mark options.secret as required in JSDoc (#4718)
7300551 chore(ci): bump typescript-go to the latest (#4716)
4b29780 chore: update Zod import examples to use namespace imports (#4715)
69ad885 4.11.9
3d536ff fix: determine if rendered or not by node.vC[0] instead of referring to `no...
0c1d4c7 fix(url): ignore fragment identifiers in getPath() (#4627)
5ca5c3e 4.11.8
Additional commits viewable in compare view

Updates fastify from 5.6.1 to 5.7.3

Release notes

Sourced from fastify's releases.

v5.7.3

⚠️ Security Release

Fix GHSA-mrq3-vjjr-p77c CVE-2026-25224.

What's Changed

docs: update Reply.send() documentation for string serialization by @mcollina in fastify/fastify#6466

chore: ignore agents config files by @mcollina in fastify/fastify#6474

docs: update vulnerability reporting to use GitHub Security by @mcollina in fastify/fastify#6475

Full Changelog: fastify/fastify@v5.7.2...v5.7.3

v5.7.2

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

chore: npm ignore AI related files by @climba03003 in fastify/fastify#6447

chore: update sponsor url by @Eomm in fastify/fastify#6450

docs: add fastify-http-exceptions to Ecosystem.md by @bhouston in fastify/fastify#6442

docs: fix invalid shorten form schema example by @climba03003 in fastify/fastify#6448

docs: Simplify and tighten decorators example by @smith558 in fastify/fastify#6451

docs: Fix incorrect variable use by @smith558 in fastify/fastify#6455

chore: update sponsor link by @Eomm in fastify/fastify#6460

fix: Fix MIT Licence file to conform to standard by @smith558 in fastify/fastify#6464

docs: move querystringParser option under routerOptions by @inyourtime in fastify/fastify#6463

chore: Updated content-type header parsing by @jsumners in fastify/fastify#6414

New Contributors

@bhouston made their first contribution in fastify/fastify#6442

Full Changelog: fastify/fastify@v5.7.1...v5.7.2

v5.7.1

What's Changed

chore: Bump actions/checkout from 5 to 6 by @dependabot[bot] in fastify/fastify#6434

chore: updated version in the fastify.js by @Tony133 in fastify/fastify#6446

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

docs: Improved firebase serverless guide about process remaining stuck by @alexandercerutti in fastify/fastify#6380

docs: update migration guide with date-time breaking change by @craftsman01 in fastify/fastify#6110

chore: remove test file by @Eomm in fastify/fastify#6384

feat: speed up loading with custom compiler by @Eomm in fastify/fastify#6383

docs: replace all instances of twitter.com with x.com by @cseas in fastify/fastify#6355

... (truncated)

Commits

49468ed Bumped v5.7.3
eb11156 Merge commit from fork
d98ce2a docs: update vulnerability reporting to use GitHub Security (#6475)
17172c4 Ignore agents config files (#6474)
b48826f docs: update Reply.send() documentation for string serialization (#6466)
e1e4fe7 v5.7.2
32d7b6a chore: Updated content-type header parsing (#6414)
f4a6ac1 docs: move querystringParser example under routerOptions (#6463)
2af83d6 fix: Fix MIT Licence file to conform to standard (#6464)
5c14e05 chore: update sponsor link (#6460)
Additional commits viewable in compare view

Updates next from 15.5.9 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
See full diff in compare view

Updates next from 15.5.9 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
See full diff in compare view

Updates undici from 7.16.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

docs: fix syntax highlighting in WebSocket.md by @styfle in nodejs/undici#4814

fix: use OR operator in includesCredentials per WHATWG URL Standard by @jackhax in nodejs/undici#4816

feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @SuperOleg39 in nodejs/undici#4676

fix: route WebSocket upgrades through onRequestUpgrade by @mcollina in nodejs/undici#4787

build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @dependabot[bot] in nodejs/undici#4821

fix(deduplicate): do not deduplicate non-safe methods by default by @mcollina in nodejs/undici#4818

feat: Support async cache stores in revalidation by @marcopiraccini in nodejs/undici#4826

New Contributors

@jackhax made their first contribution in nodejs/undici#4816

@marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] in nodejs/undici#4796

test: restore global dispatcher after fetch tests by @mcollina in nodejs/undici#4790

Add missing close method to WebSocketStream interface by @piotr-cz in nodejs/undici#4802

fix: error stream instead of canceling by @KhafraDev in nodejs/undici#4804

Fix clientTtl cleanup race in Agent by @mcollina in nodejs/undici#4807

feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in nodejs/undici#4296

fix: handle undefined __filename in bundled environments by @mcollina in nodejs/undici#4812

fix: set finalizer only for fetch responses by @tsctx in nodejs/undici#4803

New Contributors

@piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

fix: preserve fetch stack traces by @mcollina in nodejs/undici#4778

Fix error handling in MockPool example by @dave-kennedy in nodejs/undici#4781

feat: expose statusText in request() ResponseData by @domenic in nodejs/undici#4784

test: reduce retry-after invalid date flake by @mcollina in nodejs/undici#4788

extractBody fixes by @KhafraDev in nodejs/undici#4791

fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in nodejs/undici#4772

fix: onParserTimeout potentially accessing undefined by @vbfox in nodejs/undici#4758

New Contributors

@dave-kennedy made their first contribution in nodejs/undici#4781

@vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

... (truncated)

Commits

0a23610 Bumped v7.22.0 (#4829)
f3c5c61 feat: Support async cache stores in revalidation (#4826)
9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
2453caf fix: route websocket upgrades through new handler API (#4787)
4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
393c0da Bumped v7.21.0 (#4813)
47f9b96 fix: set finalizer only for fetch responses (#4803)
Additional commits viewable in compare view

Updates next from 15.5.9 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 1 update in the /examples/agent-in-aws-bedrock-agent-core directory: [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 2 updates in the /examples/serve-astack directory: [fastify](https://github.com/fastify/fastify) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/serve-astack/frontend directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/simple-browser-use directory: [undici](https://github.com/nodejs/undici). Bumps the npm_and_yarn group with 1 update in the /website directory: [next](https://github.com/vercel/next.js). Updates `hono` from 4.10.7 to 4.11.10 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.10.7...v4.11.10) Updates `fastify` from 5.6.1 to 5.7.3 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.6.1...v5.7.3) Updates `next` from 15.5.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.9...v15.5.10) Updates `next` from 15.5.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.9...v15.5.10) Updates `undici` from 7.16.0 to 7.22.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.16.0...v7.22.0) Updates `next` from 15.5.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.9...v15.5.10) --- updated-dependencies: - dependency-name: hono dependency-version: 4.11.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fastify dependency-version: 5.7.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.22.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-02-20T03:30:53Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
astack	Error		Feb 20, 2026 3:31am

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 20, 2026

dependabot bot mentioned this pull request Feb 20, 2026

chore(deps): bump the npm_and_yarn group across 5 directories with 4 updates #15

Closed

vercel bot had a problem deploying to Preview February 20, 2026 03:31 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 5 directories with 4 updates#16

chore(deps): bump the npm_and_yarn group across 5 directories with 4 updates#16
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-9743477fbb

dependabot bot commented on behalf of github Feb 20, 2026

Uh oh!

vercel bot commented Feb 20, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 20, 2026

v4.11.10

What's Changed

v4.11.9

What's Changed

v4.11.8

What's Changed

New Contributors

v4.11.7

Security Release

Components

IP Restriction Middleware

Cache Middleware

Serve Static Middleware (Cloudflare Workers adapter)

hono/jsx ErrorBoundary

Recommendation

v5.7.3

⚠️ Security Release

What's Changed

v5.7.2

⚠️ Notice ⚠️

What's Changed

New Contributors

v5.7.1

What's Changed

v5.7.0

What's Changed

v15.5.10

v15.5.10

v7.22.0

What's Changed

New Contributors

v7.21.0

What's Changed

New Contributors

v7.20.0

What's Changed

New Contributors

v7.19.2

What's Changed

v15.5.10

Uh oh!

vercel bot commented Feb 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

hono/jsx `ErrorBoundary`

vercel bot commented Feb 20, 2026 •

edited

Loading