Skip to content

chore(deps): override hono to patched version 4.12.25#442

Merged
RetricSu merged 1 commit into
ckb-devrel:developfrom
humble-little-bear:bump-hono-override
Jul 2, 2026
Merged

chore(deps): override hono to patched version 4.12.25#442
RetricSu merged 1 commit into
ckb-devrel:developfrom
humble-little-bear:bump-hono-override

Conversation

@humble-little-bear

Copy link
Copy Markdown
Contributor

Force-resolve transitive hono to 4.12.25 to fix the CORS middleware vulnerability (affected versions < 4.12.25).\n\n- Add hono@<4.12.25 override to pnpm-workspace.yaml\n- Update pnpm-lock.yaml so all hono entries resolve to 4.12.25\n\nRelated Dependabot alert: hono CORS Middleware reflects any Origin with credentials when 'origin' defaults to the wildcard.

@RetricSu RetricSu merged commit ee72293 into ckb-devrel:develop Jul 2, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants