chore(deps): bump the npm_and_yarn group across 3 directories with 9 updates by dependabot[bot] · Pull Request #15 · michaelbjordanz/x402

dependabot · 2026-03-18T22:47:04Z

Bumps the npm_and_yarn group with 3 updates in the /examples/typescript directory: @hono/node-server, hono and axios.
Bumps the npm_and_yarn group with 5 updates in the /examples/typescript/dynamic_agent directory:

Package	From	To
@hono/node-server	`1.14.1`	`1.19.10`
hono	`4.7.7`	`4.12.8`
ajv	`8.17.1`	`8.18.0`
lodash	`4.17.21`	`4.17.23`
minimatch	`10.0.1`	`10.2.4`

Bumps the npm_and_yarn group with 3 updates in the /typescript directory: hono, axios and next.

Updates @hono/node-server from 1.14.1 to 1.19.10

Release notes

Sourced from @hono/node-server's releases.

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

v1.19.9

What's Changed

fix(globals): Stop overwriting global.fetch by @usualoma in honojs/node-server#295

Full Changelog: honojs/node-server@v1.19.8...v1.19.9

v1.19.8

What's Changed

docs: add guide for listening to UNIX domain socket by @TransparentLC in honojs/node-server#292

fix(serve-static): Use Readable.toWeb in serveStatic by @otya128 in honojs/node-server#293

New Contributors

@TransparentLC made their first contribution in honojs/node-server#292

@otya128 made their first contribution in honojs/node-server#293

Full Changelog: honojs/node-server@v1.19.7...v1.19.8

v1.19.7

What's Changed

fix: Fix for hono issue 4563 - incorrect content-length after following symlink by @tshmieldev in honojs/node-server#290

chore: add configVersion to bun.lock by @yusukebe in honojs/node-server#291

New Contributors

@tshmieldev made their first contribution in honojs/node-server#290

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

v1.19.6

What's Changed

fix(serve-static): fix onFound timing by @usualoma in honojs/node-server#286

Full Changelog: honojs/node-server@v1.19.5...v1.19.6

v1.19.5

What's Changed

fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @usualoma in honojs/node-server#280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

... (truncated)

Commits

2f8ca36 1.19.10
455015b Merge commit from fork
cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
b1daa4c docs(readme): add @usualoma as an author (#300)
26f5e89 1.19.9
2d729e7 fix(globals): Stop overwriting global.fetch (#295)
9b72ddf 1.19.8
0b1229e fix(serve-static): Use Readable.toWeb in serveStatic (#293)
76d80e6 docs: add guide for listening to UNIX domain socket (#292)
Additional commits viewable in compare view

Updates hono from 4.7.7 to 4.12.7

Release notes

Sourced from hono's releases.

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in honojs/hono#4758

fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in honojs/hono#4792

chore(builld): tsconfig project references by @BarryThePenguin in honojs/hono#4797

chore: add tsconfig.spec.json by @yusukebe in honojs/hono#4798

feat(jsx-renderer): support function-based options by @3w36zj6 in honojs/hono#4780

fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @t0waxx in honojs/hono#4782

New Contributors

@t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

fix(request): return string | undefined from param() when path type is any by @andrewdamelio in honojs/hono#4723

fix(jwt): validate token format in decode and decodeHeader functions by @otoneko1102 in honojs/hono#4752

fix(jsx): Fix "Invalid state: Controller is already closed" by @gaearon in honojs/hono#4770

chore(eslint): upgrade @hono/eslint-config by @BarryThePenguin in honojs/hono#4781

New Contributors

@andrewdamelio made their first contribution in honojs/hono#4723

@otoneko1102 made their first contribution in honojs/hono#4752

@gaearon made their first contribution in honojs/hono#4770

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

... (truncated)

Commits

b0aba5b 4.12.7
1be3a53 ci: apply automated fixes
ef90225 Merge commit from fork
3f88636 4.12.6
53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
58825a7 feat(jsx-renderer): support function-based options (#4780)
0e80acb chore: add tsconfig.spec.json (#4798)
d69deb8 chore(builld): tsconfig project references (#4797)
8217d9e fix(jsx): align link hoisting and dedupe with React 19 (#4792)
5086956 fix(accept): replace regex split to mitigate ReDoS (#4758)
Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates bn.js from 4.12.2 to 4.12.3

Commits

39fe438 4.12.3
67ecb35 backport(4.x): fix imaskn state (#317)
See full diff in compare view

Updates @hono/node-server from 1.14.1 to 1.19.10

Release notes

Sourced from @hono/node-server's releases.

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

v1.19.9

What's Changed

fix(globals): Stop overwriting global.fetch by @usualoma in honojs/node-server#295

Full Changelog: honojs/node-server@v1.19.8...v1.19.9

v1.19.8

What's Changed

docs: add guide for listening to UNIX domain socket by @TransparentLC in honojs/node-server#292

fix(serve-static): Use Readable.toWeb in serveStatic by @otya128 in honojs/node-server#293

New Contributors

@TransparentLC made their first contribution in honojs/node-server#292

@otya128 made their first contribution in honojs/node-server#293

Full Changelog: honojs/node-server@v1.19.7...v1.19.8

v1.19.7

What's Changed

fix: Fix for hono issue 4563 - incorrect content-length after following symlink by @tshmieldev in honojs/node-server#290

chore: add configVersion to bun.lock by @yusukebe in honojs/node-server#291

New Contributors

@tshmieldev made their first contribution in honojs/node-server#290

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

v1.19.6

What's Changed

fix(serve-static): fix onFound timing by @usualoma in honojs/node-server#286

Full Changelog: honojs/node-server@v1.19.5...v1.19.6

v1.19.5

What's Changed

fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @usualoma in honojs/node-server#280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

... (truncated)

Commits

2f8ca36 1.19.10
455015b Merge commit from fork
cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
b1daa4c docs(readme): add @usualoma as an author (#300)
26f5e89 1.19.9
2d729e7 fix(globals): Stop overwriting global.fetch (#295)
9b72ddf 1.19.8
0b1229e fix(serve-static): Use Readable.toWeb in serveStatic (#293)
76d80e6 docs: add guide for listening to UNIX domain socket (#292)
Additional commits viewable in compare view

Updates hono from 4.7.7 to 4.12.8

Release notes

Sourced from hono's releases.

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in honojs/hono#4758

fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in honojs/hono#4792

chore(builld): tsconfig project references by @BarryThePenguin in honojs/hono#4797

chore: add tsconfig.spec.json by @yusukebe in honojs/hono#4798

feat(jsx-renderer): support function-based options by @3w36zj6 in honojs/hono#4780

fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @t0waxx in honojs/hono#4782

New Contributors

@t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

fix(request): return string | undefined from param() when path type is any by @andrewdamelio in honojs/hono#4723

fix(jwt): validate token format in decode and decodeHeader functions by @otoneko1102 in honojs/hono#4752

fix(jsx): Fix "Invalid state: Controller is already closed" by @gaearon in honojs/hono#4770

chore(eslint): upgrade @hono/eslint-config by @BarryThePenguin in honojs/hono#4781

New Contributors

@andrewdamelio made their first contribution in honojs/hono#4723

@otoneko1102 made their first contribution in honojs/hono#4752

@gaearon made their first contribution in honojs/hono#4770

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

... (truncated)

Commits

b0aba5b 4.12.7
1be3a53 ci: apply automated fixes
ef90225 Merge commit from fork
3f88636 4.12.6
53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
58825a7 feat(jsx-renderer): support function-based options (#4780)
0e80acb chore: add tsconfig.spec.json (#4798)
d69deb8 chore(builld): tsconfig project references (#4797)
8217d9e fix(jsx): align link hoisting and dedupe with React 19 (#4792)
5086956 fix(accept): replace regex split to mitigate ReDoS (#4758)
Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (Description has been truncated

…updates Bumps the npm_and_yarn group with 3 updates in the /examples/typescript directory: [@hono/node-server](https://github.com/honojs/node-server), [hono](https://github.com/honojs/hono) and [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 5 updates in the /examples/typescript/dynamic_agent directory: | Package | From | To | | --- | --- | --- | | [@hono/node-server](https://github.com/honojs/node-server) | `1.14.1` | `1.19.10` | | [hono](https://github.com/honojs/hono) | `4.7.7` | `4.12.8` | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [minimatch](https://github.com/isaacs/minimatch) | `10.0.1` | `10.2.4` | Bumps the npm_and_yarn group with 3 updates in the /typescript directory: [hono](https://github.com/honojs/hono), [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Updates `@hono/node-server` from 1.14.1 to 1.19.10 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.14.1...v1.19.10) Updates `hono` from 4.7.7 to 4.12.7 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.7.7...v4.12.7) Updates `axios` from 1.8.4 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `bn.js` from 4.12.2 to 4.12.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.12.2...v4.12.3) Updates `@hono/node-server` from 1.14.1 to 1.19.10 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.14.1...v1.19.10) Updates `hono` from 4.7.7 to 4.12.8 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.7.7...v4.12.7) Updates `axios` from 1.8.4 to 1.13.6 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `minimatch` from 10.0.1 to 10.2.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v10.0.1...v10.2.4) Updates `rollup` from 4.40.0 to 3.30.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md) - [Commits](rollup/rollup@v4.40.0...v3.30.0) Updates `hono` from 4.8.2 to 4.12.7 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.7.7...v4.12.7) Updates `axios` from 1.10.0 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `next` from 15.3.4 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.4...v16.1.7) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 3.30.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026

dependabot bot mentioned this pull request Mar 18, 2026

chore(deps): bump the npm_and_yarn group across 3 directories with 9 updates #14

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 3 directories with 9 updates#15

chore(deps): bump the npm_and_yarn group across 3 directories with 9 updates#15
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/examples/typescript/npm_and_yarn-b91418f5ce

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

v1.19.10

Security Fix

v1.19.9

What's Changed

v1.19.8

What's Changed

New Contributors

v1.19.7

What's Changed

New Contributors

v1.19.6

What's Changed

v1.19.5

What's Changed

v1.19.4

v4.12.7

Security hardening

v4.12.6

What's Changed

New Contributors

v4.12.5

What's Changed

New Contributors

v4.12.4

Security fixes

SSE Control Field Injection

Cookie Attribute Injection in setCookie()

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v1.19.10

Security Fix

v1.19.9

What's Changed

v1.19.8

What's Changed

New Contributors

v1.19.7

What's Changed

New Contributors

v1.19.6

What's Changed

v1.19.5

What's Changed

v1.19.4

v4.12.7

Security hardening

v4.12.6

What's Changed

New Contributors

v4.12.5

What's Changed

New Contributors

v4.12.4

Security fixes

SSE Control Field Injection

Cookie Attribute Injection in setCookie()

v1.13.5

Release 1.13.5

Highlights

Changes

Cookie Attribute Injection in `setCookie()`

Cookie Attribute Injection in `setCookie()`