chore(deps)(deps): bump the minor-and-patch group with 19 updates

[dependabot]

Bumps the minor-and-patch group with 19 updates:

Package	From	To
@vitest/coverage-v8	4.1.3	4.1.4
esbuild	0.27.7	0.28.0
turbo	2.9.3	2.9.6
vitest	4.1.3	4.1.4
@hono/node-server	1.19.12	1.19.14
@langchain/core	1.1.39	1.1.40
@langchain/openai	1.4.2	1.4.4
better-auth	1.5.6	1.6.5
deepagents	1.8.8	1.9.0
dotenv	17.4.0	17.4.2
hono	4.12.10	4.12.14
astro	6.1.4	6.1.8
@tanstack/react-query	5.96.2	5.99.2
@tanstack/react-router	1.168.10	1.168.23
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
@tanstack/router-plugin	1.167.12	1.167.22
postcss	8.5.8	8.5.10
bullmq	5.73.0	5.74.1

Updates @vitest/coverage-v8 from 4.1.3 to 4.1.4

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

Commits

• ac04bac chore: release v4.1.4
• See full diff in compare view

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• See full diff in compare view

Updates turbo from 2.9.3 to 2.9.6

Release notes

Sourced from turbo's releases.

Turborepo v2.9.6

What's Changed

create-turbo

• chore: Update dependencies found in audits by @​anthonyshew in vercel/turborepo#12586

Examples

• fix: Add missing @types/node to with-svelte example apps by @​anthonyshew in vercel/turborepo#12585

Changelog

• docs: Add Bun equivalent for updating dependencies by @​anthonyshew in vercel/turborepo#12580
• fix: Mention turbo.json in concurrency error message by @​anthonyshew in vercel/turborepo#12582
• fix: Surface actionable message when remote cache is requested but not linked by @​anthonyshew in vercel/turborepo#12584
• chore: Delete agents app by @​anthonyshew in vercel/turborepo#12587
• fix: Load custom CA certificates in fast webpki-only HTTP client by @​anthonyshew in vercel/turborepo#12591
• docs: Remove pre-release badges by @​anthonyshew in vercel/turborepo#12592

Full Changelog: vercel/turborepo@v2.9.5...v2.9.6

Turborepo v2.9.6-canary.3

What's Changed

Changelog

• chore: Delete agents app by @​anthonyshew in vercel/turborepo#12587
• fix: Load custom CA certificates in fast webpki-only HTTP client by @​anthonyshew in vercel/turborepo#12591

Full Changelog: vercel/turborepo@v2.9.6-canary.2...v2.9.6-canary.3

Turborepo v2.9.6-canary.2

What's Changed

create-turbo

• chore: Update dependencies found in audits by @​anthonyshew in vercel/turborepo#12586

Examples

• fix: Add missing @types/node to with-svelte example apps by @​anthonyshew in vercel/turborepo#12585

Changelog

• fix: Surface actionable message when remote cache is requested but not linked by @​anthonyshew in vercel/turborepo#12584

Full Changelog: vercel/turborepo@v2.9.6-canary.1...v2.9.6-canary.2

Turborepo v2.9.6-canary.1

What's Changed

@​turbo/telemetry

• fix: Suppress telemetry alert when running on Vercel by @​anthonyshew in vercel/turborepo#12576

... (truncated)

Commits

• 77bca2b publish 2.9.6 to registry
• 5a8f2e8 release(turborepo): 2.9.6-canary.3 (#12593)
• 861efa8 docs: Remove pre-release badges (#12592)
• 28db7d0 fix: Load custom CA certificates in fast webpki-only HTTP client (#12591)
• b412177 release(turborepo): 2.9.6-canary.2 (#12588)
• 9018c65 chore: Delete agents app (#12587)
• 5d19186 chore: Update dependencies found in audits (#12586)
• 8338f42 fix: Add missing @types/node to with-svelte example apps (#12585)
• 219b602 fix: Surface actionable message when remote cache is requested but not linked...
• aba98af release(turborepo): 2.9.6-canary.1 (#12583)
• Additional commits viewable in compare view

Updates vitest from 4.1.3 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

Commits

• ac04bac chore: release v4.1.4
• 82c858d chore: Remove no-op function in plugin config logic (#8501)
• d4fbb5c feat(experimental): support aria snapshot (#9668)
• b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
• a120e3a feat(experimental): expose assertion as a public field (#10095)
• 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
• a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
• 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
• See full diff in compare view

Updates @hono/node-server from 1.19.12 to 1.19.14

Release notes

Sourced from @​hono/node-server's releases.

v1.19.14

What's Changed

• fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @​usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

Commits

• b5e63a3 1.19.14
• c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
• fd64e65 1.19.13
• 025c30f Merge commit from fork
• See full diff in compare view

Updates @langchain/core from 1.1.39 to 1.1.40

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.40

Patch Changes

• #10694 d3e0809 Thanks @​hntrl! - refactor(core): decouple tracer-only metadata defaults from runnable metadata
  • Add tracer-scoped inheritable metadata/tag options in callback manager while keeping backward-compatible aliases.
  • Move configurable-to-tracing metadata derivation into a tracer-only path and keep ensureConfig metadata mirroring limited to model.
  • Update LangChainTracer default metadata/tag handling and add regression tests for stream events metadata behavior.

Commits

• 0c79948 chore: version packages (#10699)
• c955df4 chore(ci): use pnpm and peerDeps for pkg.pr.new previews (#10702)
• 301b086 ci: add PR title lint workflow (#10703)
• 880e396 fix(redis): harden RediSearch filter query construction (#10701)
• 71e53f1 fix(langchain): Prevent local file corruption when using LocalFileStore (#...
• d3e0809 refactor(core): decouple tracer defaults from langsmith callback naming (#10694)
• c308903 feat: add MINIMAL thinking level for Gemini 3 Flash models (#10665)
• 6845a1e chore: version packages (#10690)
• 5a6e0ab fix(agents): derive middleware hook state from invocation state (#10693)
• 607696e chore(ci): add label-gated publish-preview workflow (#10696)
• Additional commits viewable in compare view

Updates @langchain/openai from 1.4.2 to 1.4.4

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.4.4

Patch Changes

• #10681 2301260 Thanks @​hntrl! - fix(openai): add index to streaming reasoning content blocks for proper chunk merging

@​langchain/openai@​1.4.3

Patch Changes

• #10670 6b8ef6c Thanks @​christian-bromann! - fix(openai): preserve plain string responses content

Commits

• e5b6e1c chore: version packages (#10682)
• 2301260 fix(openai): add index to streaming reasoning content blocks for proper chunk...
• 9a65edf chore: version packages (#10671)
• f069365 chore(langchain): bump langgraph (#10673)
• 6b8ef6c fix(openai): preserve plain string responses content (#10670)
• 80561a0 chore: remove community package, relocate providers (#10667)
• f09cb65 fix: patch 10 critical+high security alerts (#10557)
• 47cc3ec fix: patch 16 security alerts (all severities) (#10663)
• See full diff in compare view

Updates better-auth from 1.5.6 to 1.6.5

Release notes

Sourced from better-auth's releases.

v1.6.5

better-auth

Bug Fixes

• Clarified recommended production usage for the test utils plugin (#9119)
• Fixed session not refreshing after /change-password and /revoke-other-sessions (#9087)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Security

• Fixed GHSA-xr8f-h2gw-9xh6, a high-severity authorization bypass in @better-auth/oauth-provider where unprivileged authenticated users could create OAuth clients when deployments relied on clientPrivileges to restrict client creation.
• First patched stable version: @better-auth/oauth-provider@1.6.5.
• Note: the published beta line (1.7.0-beta.0 and 1.7.0-beta.1) remains affected until a fixed beta release is published.

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​GautamBytes, @​ramonclaudio

Full changelog: v1.6.4...v1.6.5

v1.6.4

better-auth

Bug Fixes

• Fixed forceAllowId UUIDs set in database hooks being ignored on PostgreSQL adapters when advanced.database.generateId is set to "uuid" (#9068)
• Reverted 2FA enforcement scope to credential sign-in paths only, so magic link, email OTP, OAuth, SSO, passkey, and other non-credential sign-in flows no longer trigger a 2FA challenge (#9205)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​GautamBytes, @​gustavovalverde

Full changelog: v1.6.3...v1.6.4

v1.6.3

better-auth

Features

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.5

Patch Changes

• #9119 938dd80 Thanks @​GautamBytes! - clarify recommended production usage for the test utils plugin

• #9087 0538627 Thanks @​ramonclaudio! - fix(client): refetch session after /change-password and /revoke-other-sessions

• Updated dependencies []:

  • @​better-auth/core@​1.6.5
  • @​better-auth/drizzle-adapter@​1.6.5
  • @​better-auth/kysely-adapter@​1.6.5
  • @​better-auth/memory-adapter@​1.6.5
  • @​better-auth/mongo-adapter@​1.6.5
  • @​better-auth/prisma-adapter@​1.6.5
  • @​better-auth/telemetry@​1.6.5

1.6.4

Patch Changes

• #9205 9aed910 Thanks @​gustavovalverde! - fix(two-factor): revert enforcement broadening from #9122

  Restores the pre-#9122 enforcement scope. 2FA is challenged only on /sign-in/email, /sign-in/username, and /sign-in/phone-number, matching the behavior that shipped through v1.6.2. Non-credential sign-in flows (magic link, email OTP, OAuth, SSO, passkey, SIWE, one-tap, phone-number OTP, device authorization, email-verification auto-sign-in) are no longer gated by a 2FA challenge by default.

  A broader enforcement scope with per-method opt-outs and alignment to NIST SP 800-63B-4 authenticator assurance levels is planned for a future minor release.

• #9068 acbd6ef Thanks @​GautamBytes! - Fix forced UUID user IDs from create hooks being ignored on PostgreSQL adapters when advanced.database.generateId is set to "uuid".

• #9165 39d6af2 Thanks @​gustavovalverde! - chore(adapters): require patched drizzle-orm and kysely peer versions

  Narrows the drizzle-orm peer to ^0.45.2 and the kysely peer to ^0.28.14. Both new ranges track the minor line that carries the vulnerability fix and nothing newer, so the adapters only advertise support for versions that have actually been tested against. Consumers on older ORM releases see an install-time warning and can upgrade alongside the adapter; the peer is marked optional, so installs do not hard-fail.

• Updated dependencies [39d6af2]:

  • @​better-auth/drizzle-adapter@​1.6.4
  • @​better-auth/kysely-adapter@​1.6.4
  • @​better-auth/core@​1.6.4
  • @​better-auth/memory-adapter@​1.6.4
  • @​better-auth/mongo-adapter@​1.6.4
  • @​better-auth/prisma-adapter@​1.6.4
  • @​better-auth/telemetry@​1.6.4

1.6.3

Patch Changes

• #9131 5142e9c Thanks @​gustavovalverde! - harden dynamic baseURL handling for direct auth.api.* calls and plugin metadata helpers

  Direct auth.api.* calls

  • Throw APIError with a clear message when the baseURL can't be resolved (no source and no fallback), instead of leaving ctx.context.baseURL = "" for downstream plugins to crash on.

... (truncated)

Commits

• c8a91f4 chore: release v1.6.5 (#9209)
• 938dd80 docs(test-utils): clarify production usage (#9119)
• 0538627 fix(client): trigger $sessionSignal for session-rotating endpoints (#9087)
• 9ec849f chore: release v1.6.4 (#9175)
• 39d6af2 chore(adapters): require patched drizzle-orm and kysely peer versions (#9165)
• ba03fb5 chore(deps): bump electron and next devDependencies to patched versions (#9166)
• 9aed910 fix(two-factor): revert enforcement broadening from #9122 (#9205)
• acbd6ef fix: honor forceAllowId UUIDs on postgres adapters (#9068)
• 6f17bb3 chore: release v1.6.3 (#9081)
• 9a6d475 fix(client): prevent isMounted race condition causing many rps (#9078)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for better-auth since your current version.

Updates deepagents from 1.8.8 to 1.9.0

Release notes

Sourced from deepagents's releases.

deepagents@1.9.0

Minor Changes

• #404 ca5cc0a Thanks @​colifran! - feat(deepagents): support multimodal files for backends

• #404 ca5cc0a Thanks @​colifran! - chore(deepagents): refactor backend method names - lsInfo -> ls, grepRaw -> grep, globInfo -> glob

• #404 ca5cc0a Thanks @​colifran! - feat(sdk): add async subagent middleware for remote LangGraph servers

Patch Changes

• #434 89ee206 Thanks @​hntrl! - bump langgraph + langchain versions

• #404 ca5cc0a Thanks @​hntrl! - feat(deepagents): add completion notifier middleware for async subagents

• #404 ca5cc0a Thanks @​colifran! - chore(sdk): unify sync subagents and async subagents into a single property

• #419 815bc0f Thanks @​colifran! - fix: deprecate backend factories and support zero-arg constructors for StateBackend and StoreBackend

• #422 dc030a5 Thanks @​JadenKim-dev! - fix: add default value to grep tool glob schema for strict mode compatibility

• #404 ca5cc0a Thanks @​hntrl! - rename completion notifier to completion callback and align names

• #404 ca5cc0a Thanks @​colifran! - extend supported file types

• #404 ca5cc0a Thanks @​hntrl! - fix(deepagents): align prompt templates with runtime behavior

  • Align read_file long-line guidance with runtime behavior by rendering MAX_LINE_LENGTH in the prompt.
  • Normalize middleware prompt/template text for filesystem, memory, subagents, and summarization to match current behavior and improve consistency.
  • Remove Python-specific phrasing from skills guidance to keep descriptions language-agnostic.

• #404 ca5cc0a Thanks @​hntrl! - clean up factory method middleware wiring

• #404 ca5cc0a Thanks @​colifran! - chore(sdk): update async subagent middleware for agent protocol

• #404 ca5cc0a Thanks @​colifran! - fix(sdk): AsyncTask updatedAt field doesn't update on task status changes

deepagents@1.9.0-alpha.1

Patch Changes

• #419 815bc0f Thanks @​colifran! - fix: deprecate backend factories and support zero-arg constructors for StateBackend and StoreBackend

• #422 dc030a5 Thanks @​JadenKim-dev! - fix: add default value to grep tool glob schema for strict mode compatibility

• #404 ca5cc0a Thanks @​hntrl! - rename completion notifier to completion callback and align names

• #404 ca5cc0a Thanks @​hntrl! - extend supported file types

• #404 ca5cc0a Thanks @​hntrl! - fix(deepagents): align prompt templates with runtime behavior

  • Align read_file long-line guidance with runtime behavior by rendering MAX_LINE_LENGTH in the prompt.
  • Normalize middleware prompt/template text for filesystem, memory, subagents, and summarization to match current behavior and improve consistency.

... (truncated)

Commits

• 02c1c7f chore: version packages (#433)
• 89ee206 chore: upgrade langgraph + langchain (#434)
• 3648cdd chore: exit pre-release (#432)
• c9fafe8 build(deps-dev): bump vite from 8.0.3 to 8.0.5 (#431)
• 2877762 chore: version packages (alpha) (#429)
• 6830c24 chore: patch package versions (#430)
• fa80a36 chore: fix changeset (#428)
• 37a12fa fix(deps): patch all open Dependabot security vulnerabilities via pnpm overri...
• dc030a5 fix: add default value to grep tool glob schema for strict mode compatibility...
• a0fb3e1 Merge pull request #423 from langchain-ai/add-quick-test
• Additional commits viewable in compare view

Updates dotenv from 17.4.0 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates hono from 4.12.10 to 4.12.14

Release notes

Sourced from hono's releases.

v4.12.14

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

• fix(aws-lambda): handle invalid header names in request processing (#4883) fa2c74fe

v4.12.13

What's Changed

• fix(types): infer response type from last handler in app.on 9-/10-handler overloads by @​T4ko0522 in honojs/hono#4865
• feat(trailing-slash): add skip option by @​yusukebe in honojs/hono#4862
• feat(cache): add onCacheNotAvailable option by @​yusukebe in honojs/hono#4876

New Contributors

• @​T4ko0522 made their first contribution in honojs/hono#4865Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml