Skip to content

Bump the runtime-dependencies group with 3 updates#32

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-dependencies-af55cb4c2a
Closed

Bump the runtime-dependencies group with 3 updates#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/runtime-dependencies-af55cb4c2a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps the runtime-dependencies group with 3 updates: @anthropic-ai/sdk, hono and openapi-fetch.

Updates @anthropic-ai/sdk from 0.91.1 to 0.93.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.93.0

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

  • client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

sdk: v0.92.0

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

  • api: improve Managed Agents APIs (ca1bf4a)
  • support setting headers via env (32f67d4)

Bug Fixes

  • bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

Chores

  • format: run eslint and prettier separately (7ce257c)
  • internal: codegen related update (f08cc77)
Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

  • client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

  • api: improve Managed Agents APIs (ca1bf4a)
  • support setting headers via env (32f67d4)

Bug Fixes

  • bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

Chores

  • format: run eslint and prettier separately (7ce257c)
  • internal: codegen related update (f08cc77)
Commits

Updates hono from 4.12.15 to 4.12.16

Release notes

Sourced from hono's releases.

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

Commits

Updates openapi-fetch from 0.13.8 to 0.17.0

Release notes

Sourced from openapi-fetch's releases.

openapi-fetch@0.17.0

Minor Changes

  • #2549 a690e52 Thanks @​abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

  • #2572 9350ddf Thanks @​luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

  • Updated dependencies [a690e52]:

    • openapi-typescript-helpers@0.1.0

openapi-fetch@0.16.0

Minor Changes

  • #2362 9002418 Thanks @​luxass! - Added support for setting a custom path serializers either globally or per request. This allows you to customize how path parameters are serialized in the URL. E.g. you can use a custom serializer to prevent encoding of a path parameter, if you need to pass a value that should not be encoded.

openapi-fetch@0.15.2

Patch Changes

  • #2508 89843b0 Thanks @​srbarba! - Use text() when no content-length is provided to avoid errors parsing empty bodies (200 with no content)

openapi-fetch@0.15.0

Minor Changes

openapi-fetch@0.14.1

Patch Changes

openapi-fetch@0.14.0

Minor Changes

  • #2310 e66b5ce Thanks @​drwpow! - Build package with unbuild. Also remove the minified version (openapi-fetch is only useful in a TypeScript/bundler environment, so there’s no sense in loading it from a CDN clientside).
Changelog

Sourced from openapi-fetch's changelog.

0.17.0

Minor Changes

  • #2549 a690e52 Thanks @​abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

  • #2572 9350ddf Thanks @​luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

  • Updated dependencies [a690e52]:

    • openapi-typescript-helpers@0.1.0

0.16.0

Minor Changes

  • #2362 9002418 Thanks @​luxass! - Added support for setting a custom path serializers either globally or per request. This allows you to customize how path parameters are serialized in the URL. E.g. you can use a custom serializer to prevent encoding of a path parameter, if you need to pass a value that should not be encoded.

0.15.2

Patch Changes

  • #2508 89843b0 Thanks @​srbarba! - Use text() when no content-length is provided to avoid errors parsing empty bodies (200 with no content)

0.15.1

Patch Changes

0.15.0

Minor Changes

0.14.1

Patch Changes

0.14.0

Minor Changes

  • #2310 e66b5ce Thanks @​drwpow! - Build package with unbuild. Also remove the minified version (openapi-fetch is only useful in a TypeScript/bundler environment, so there’s no sense in loading it from a CDN clientside).
Commits
  • 5709d33 [ci] release (#2611)
  • 9350ddf Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked (#2572)
  • a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
  • a06e6c3 chore(deps): update dependency superagent to v10.3.0 (#2595)
  • 7318f82 [ci] release (#2604)
  • 33b83c4 chore(deps): update dependency express to v5.2.1 (#2591)
  • 66556d0 chore(deps): update dependency axios to v1.13.5 (#2590)
  • 9002418 feat(openapi-fetch): add support for pathSerializer option (#2362)
  • ed0c26c feat(openapi-fetch): enable middleware request param module augmentation (#2527)
  • 47ba213 ci: fix npm publish permissions (#2601)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openapi-fetch since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the runtime-dependencies group with 3 updates
a89f9fd 
Bumps the runtime-dependencies group with 3 updates: [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript), [hono](https://github.com/honojs/hono) and [openapi-fetch](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-fetch).


Updates `@anthropic-ai/sdk` from 0.91.1 to 0.93.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.91.1...sdk-v0.93.0)

Updates `hono` from 4.12.15 to 4.12.16
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.15...v4.12.16)

Updates `openapi-fetch` from 0.13.8 to 0.17.0
- [Release notes](https://github.com/openapi-ts/openapi-typescript/releases)
- [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-fetch/CHANGELOG.md)
- [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-fetch@0.17.0/packages/openapi-fetch)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.93.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-dependencies
- dependency-name: hono
  dependency-version: 4.12.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: runtime-dependencies
- dependency-name: openapi-fetch
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from jimdou as a code owner May 4, 2026 17:50
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 4, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 11, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 11, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/runtime-dependencies-af55cb4c2a branch May 11, 2026 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jimdou jimdou Awaiting requested review from jimdou jimdou is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants