Skip to content

chore(deps): hono, ajv alerts#2639

Open
DerekRoberts wants to merge 5 commits intomainfrom
chore/deps/hono
Open

chore(deps): hono, ajv alerts#2639
DerekRoberts wants to merge 5 commits intomainfrom
chore/deps/hono

Conversation

@DerekRoberts
Copy link
Member

@DerekRoberts DerekRoberts commented Mar 11, 2026
edited by github-actions bot
Loading

  • chore(ci): alerts
  • Cleanup and lockfile

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 11, 2026
View reviewed changes
backend/package-lock.json
Comment on lines +2369 to +2380
"node_modules/@prisma/dev/node_modules/@hono/node-server": {
"version": "1.19.9",
"resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.9.tgz",
"integrity": "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==",
"license": "MIT",
"engines": {
"node": ">=18.14.1"
},
"peerDependencies": {
"hono": "^4"
}
},

Check failure

Code scanning / Trivy

@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware High

Package: @hono/node-server
Installed Version: 1.19.9
Vulnerability CVE-2026-29087
Severity: HIGH
Fixed Version: 1.19.10
Link: CVE-2026-29087
@DerekRoberts DerekRoberts changed the title chore/deps/hono chore(deps): hono, ajv alerts Mar 11, 2026
@socket-security
Copy link

socket-security bot commented Mar 11, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedprisma@​7.4.2751009798100
Addedexpress-prom-bundle@​8.0.010010010080100
Addedreflect-metadata@​0.2.21001001008080
Addednest-winston@​1.10.210010010080100
Addedswagger-ui-express@​5.0.110010010080100
Addedistanbul-badges-readme@​1.9.09210010082100
Addedhelmet@​8.1.010010010083100
Addedprom-client@​15.1.39910010083100
Addedunplugin-swc@​1.5.910010010086100
Addedrimraf@​6.1.39910010087100
Addedwinston@​3.19.09810010088100
Addedsupertest@​7.2.29910010089100
Added@​hono/​node-server@​1.19.1010010010094100
Addedpg@​8.20.0991009995100
Addeddotenv@​17.3.19910010095100

View full report

@DerekRoberts DerekRoberts moved this from New to Active in DevOps (NR) Mar 11, 2026
@DerekRoberts DerekRoberts self-assigned this Mar 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DerekRoberts DerekRoberts

Labels

None yet

Projects

DevOps (NR)
Status: Active

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DerekRoberts