Skip to content

chore(deps): consolidate all dependabot dependency updates#922

Merged
lane711 merged 1 commit into
mainfrom
lane711/dependency-updates-consolidate
Jun 18, 2026
Merged

chore(deps): consolidate all dependabot dependency updates#922
lane711 merged 1 commit into
mainfrom
lane711/dependency-updates-consolidate

Conversation

@lane711

@lane711 lane711 commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Summary

Merges 8 open dependabot PRs (#918, #862, #851, #849, #843, #840, #839, #837) into a single change:

  • hono: ^4.12.18 → ^4.12.26 (all workspaces) — includes 5 security fixes in 4.12.25: CORS credentials bypass, body-limit bypass on AWS Lambda, path traversal on Windows, Set-Cookie header merging, Lambda@Edge repeated header drop
  • vitest: ^4.0.5 → ^4.1.9 (root, packages/core)
  • @vitest/coverage-v8: ^4.0.5 → ^4.1.9 (root, packages/core)
  • my-sonicjs-app vitest: ^2.1.8 → ^4.1.9 (aligned with root)
  • postcss: 8.5.6 → 8.5.15 (transitive, lockfile)
  • qs: 6.15.0 → 6.15.2 (transitive, lockfile)
  • shell-quote: 1.8.3 → 1.8.4 (transitive, lockfile)

Test plan

  • Unit tests: 1648 passed, 0 new failures (16 pre-existing plugin/integration failures unrelated to deps)
  • E2E smoke tests (8/8 passed against live server): health, login, logout, session persistence, auth guards, 404 handling

Closes #918, #862, #851, #849, #843, #840, #839, #837

🤖 Generated with Claude Code

@lane711 @claude
chore(deps): consolidate all dependabot dependency updates
056297c 
- hono: ^4.12.18 → ^4.12.26 (security fixes in 4.12.25: CORS, body-limit,
  serve-static path traversal, AWS Lambda Set-Cookie, Lambda@Edge header)
- vitest: ^4.0.5 → ^4.1.9 (root, packages/core)
- @vitest/coverage-v8: ^4.0.5 → ^4.1.9 (root, packages/core)
- my-sonicjs-app vitest: ^2.1.8 → ^4.1.9 (align with root)
- postcss: 8.5.6 → 8.5.15 (transitive, lockfile)
- qs: 6.15.0 → 6.15.2 (transitive, lockfile)
- shell-quote: 1.8.3 → 1.8.4 (transitive, lockfile)

Closes PRs: #918, #862, #851, #849, #843, #840, #839, #837

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@lane711 lane711 merged commit 4f42ac9 into main Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lane711