Skip to content

build(deps): bump the runtime-dependencies group across 1 directory with 4 updates#10

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f
Closed

build(deps): bump the runtime-dependencies group across 1 directory with 4 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 2, 2026
edited
Loading

Bumps the runtime-dependencies group with 4 updates in the / directory: @anthropic-ai/sdk, hono, yaml and openapi-fetch.

Updates @anthropic-ai/sdk from 0.91.1 to 0.95.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.95.1

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

  • redact api-key headers in debug logs (fad8fee)

sdk: v0.95.0

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

  • api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

  • api: Adjust webhook configuration (deed3f6)

sdk: v0.94.0

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

  • client: allow targeting a workspace for OIDC federation token exchange (bde6620)

sdk: v0.93.0

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

  • client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

sdk: v0.92.0

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

  • api: improve Managed Agents APIs (ca1bf4a)
  • support setting headers via env (32f67d4)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

  • redact api-key headers in debug logs (fad8fee)

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

  • api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

  • api: Adjust webhook configuration (deed3f6)

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

  • client: allow targeting a workspace for OIDC federation token exchange (bde6620)

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

  • client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

  • api: improve Managed Agents APIs (ca1bf4a)
  • support setting headers via env (32f67d4)

Bug Fixes

  • bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

... (truncated)

Commits

Updates hono from 4.12.15 to 4.12.18

Release notes

Sourced from hono's releases.

v4.12.18

Security fixes

This release includes fixes for the following security issues:

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm

CSS Declaration Injection via Style Object Values in JSX SSR

Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36

Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.

v4.12.17

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.16...v4.12.17

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

Commits

Updates yaml from 2.8.3 to 2.8.4

Release notes

Sourced from yaml's releases.

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)
Commits

Updates openapi-fetch from 0.13.8 to 0.17.0

Release notes

Sourced from openapi-fetch's releases.

openapi-fetch@0.17.0

Minor Changes

  • #2549 a690e52 Thanks @​abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

  • #2572 9350ddf Thanks @​luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

  • Updated dependencies [a690e52]:

    • openapi-typescript-helpers@0.1.0

openapi-fetch@0.16.0

Minor Changes

  • #2362 9002418 Thanks @​luxass! - Added support for setting a custom path serializers either globally or per request. This allows you to customize how path parameters are serialized in the URL. E.g. you can use a custom serializer to prevent encoding of a path parameter, if you need to pass a value that should not be encoded.

openapi-fetch@0.15.2

Patch Changes

  • #2508 89843b0 Thanks @​srbarba! - Use text() when no content-length is provided to avoid errors parsing empty bodies (200 with no content)

openapi-fetch@0.15.0

Minor Changes

openapi-fetch@0.14.1

Patch Changes

openapi-fetch@0.14.0

Minor Changes

  • #2310 e66b5ce Thanks @​drwpow! - Build package with unbuild. Also remove the minified version (openapi-fetch is only useful in a TypeScript/bundler environment, so there’s no sense in loading it from a CDN clientside).
Changelog

Sourced from openapi-fetch's changelog.

0.17.0

Minor Changes

  • #2549 a690e52 Thanks @​abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

  • #2572 9350ddf Thanks @​luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

  • Updated dependencies [a690e52]:

    • openapi-typescript-helpers@0.1.0

0.16.0

Minor Changes

  • #2362 9002418 Thanks @​luxass! - Added support for setting a custom path serializers either globally or per request. This allows you to customize how path parameters are serialized in the URL. E.g. you can use a custom serializer to prevent encoding of a path parameter, if you need to pass a value that should not be encoded.

0.15.2

Patch Changes

  • #2508 89843b0 Thanks @​srbarba! - Use text() when no content-length is provided to avoid errors parsing empty bodies (200 with no content)

0.15.1

Patch Changes

0.15.0

Minor Changes

0.14.1

Patch Changes

0.14.0

Minor Changes

  • #2310 e66b5ce Thanks @​drwpow! - Build package with unbuild. Also remove the minified version (openapi-fetch is only useful in a TypeScript/bundler environment, so there’s no sense in loading it from a CDN clientside).
Commits
  • 5709d33 [ci] release (#2611)
  • 9350ddf Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked (#2572)
  • a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
  • a06e6c3 chore(deps): update dependency superagent to v10.3.0 (#2595)
  • 7318f82 [ci] release (#2604)
  • 33b83c4 chore(deps): update dependency express to v5.2.1 (#2591)
  • 66556d0 chore(deps): update dependency axios to v1.13.5 (#2590)
  • 9002418 feat(openapi-fetch): add support for pathSerializer option (#2362)
  • ed0c26c feat(openapi-fetch): enable middleware request param module augmentation (#2527)
  • 47ba213 ci: fix npm publish permissions (#2601)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openapi-fetch since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 2, 2026
@dependabot dependabot Bot requested a review from jimdou as a code owner May 2, 2026 09:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 2, 2026
@dependabot dependabot Bot changed the title build(deps): bump the runtime-dependencies group with 4 updates build(deps): bump the runtime-dependencies group across 1 directory with 4 updates May 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f branch 24 times, most recently from a7cc585 to 614dcad Compare May 6, 2026 19:37
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f branch 8 times, most recently from 18ea9f6 to 689976e Compare May 7, 2026 22:15
@dependabot
build(deps): bump the runtime-dependencies group across 1 directory w…
f8ca301 
…ith 4 updates

Bumps the runtime-dependencies group with 4 updates in the / directory: [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript), [hono](https://github.com/honojs/hono), [yaml](https://github.com/eemeli/yaml) and [openapi-fetch](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-fetch).


Updates `@anthropic-ai/sdk` from 0.91.1 to 0.95.1
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.91.1...sdk-v0.95.1)

Updates `hono` from 4.12.15 to 4.12.18
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.15...v4.12.18)

Updates `yaml` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.3...v2.8.4)

Updates `openapi-fetch` from 0.13.8 to 0.17.0
- [Release notes](https://github.com/openapi-ts/openapi-typescript/releases)
- [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-fetch/CHANGELOG.md)
- [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-fetch@0.17.0/packages/openapi-fetch)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.92.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-dependencies
- dependency-name: hono
  dependency-version: 4.12.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: runtime-dependencies
- dependency-name: openapi-fetch
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-dependencies
- dependency-name: yaml
  dependency-version: 2.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: runtime-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f branch from 689976e to f8ca301 Compare May 9, 2026 21:08
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 16, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 16, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/runtime-dependencies-67b307eb8f branch May 16, 2026 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jimdou jimdou Awaiting requested review from jimdou jimdou is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants