Update JavaScript dev dependencies - autoclosed#9
Closed
renovate[bot] wants to merge 1 commit intomainfrom
Closed
Conversation
renovate
bot
changed the title
auto-merge was automatically disabled
January 24, 2026 01:30
Pull request was closed
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the
Comment |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/javascript-dev-dependencies
branch
2 times, most recently
from
98dfb79 to
17e0e36
Compare
renovate
bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.11.5→4.11.78.53.1→8.54.0Release Notes
honojs/hono (hono)
v4.11.7Compare Source
Security Release
This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.
Components
IP Restriction Middleware
Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.
Cache Middleware
Fixed an issue where responses marked with
Cache-Control: privateorno-storecould be cached, potentially leading to information disclosure on some runtimes.Serve Static Middleware (Cloudflare Workers adapter)
Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.
hono/jsx
ErrorBoundaryFixed a reflected Cross-Site Scripting (XSS) issue in the
ErrorBoundarycomponent that could occur when untrusted strings were rendered without proper escaping.Recommendation
Users are encouraged to upgrade to this release, especially if they:
ErrorBoundarycomponentsSecurity Advisories & CVEs
IP Restriction Middleware – IPv4 address validation bypass
Cache Middleware ignores
Cache-Control: privateServe Static Middleware (Cloudflare Workers adapter) – Arbitrary key read
hono/jsx
ErrorBoundary– Cross-Site Scripting (XSS)Full Changelog: honojs/hono@v4.11.6...v4.11.7
v4.11.6Compare Source
typescript-eslint/typescript-eslint (typescript-eslint)
v8.54.0Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
You can read about our versioning strategy and releases on our website.
Configuration
📅 Schedule: Branch creation - "after 8am on saturday" in timezone Australia/Brisbane, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.