fix(deps): update non-major dependencies#2
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/non-major-dependencies
branch
2 times, most recently
from
a6f42cf to
b719fd2
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/non-major-dependencies
branch
2 times, most recently
from
feae7b6 to
608e7c4
Compare
renovate
Bot
force-pushed
the
renovate/non-major-dependencies
branch
from
608e7c4 to
635665f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
22.19.17→22.19.1922.19.21(+1)^4.12.19→^4.12.234.12.25(+1)20→20.20.2^4.22.2→^4.22.4^2.50.3→^2.51.32.52.2(+1)Release Notes
honojs/hono (hono)
v4.12.23Compare Source
What's Changed
COMPRESSIBLE_CONTENT_TYPE_REGEXre-export by @na-trium-144 in #4961::by @yusukebe in #4971Full Changelog: honojs/hono@v4.12.22...v4.12.23
v4.12.22Compare Source
What's Changed
New Contributors
Full Changelog: honojs/hono@v4.12.21...v4.12.22
v4.12.21Compare Source
Security fixes
This release includes fixes for the following security issues:
app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Affects:
app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3IP Restriction bypasses static deny rules for non-canonical IPv6
Affects:
hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
Affects:
hono/cookie. Fixes missing validation ofsameSiteandpriorityoptions against injection characters (;,\r,\n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5xJWT middleware accepts any Authorization scheme, not only Bearer
Affects:
hono/jwt,hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474Users who use
app.mount(),hono/ip-restriction,hono/cookie, orhono/jwt/hono/jwkare encouraged to upgrade to this version.v4.12.20Compare Source
What's Changed
New Contributors
Full Changelog: honojs/hono@v4.12.19...v4.12.20
actions/node-versions (node)
v20.20.2: 20.20.2Compare Source
Node.js 20.20.2
v20.20.1: 20.20.1Compare Source
Node.js 20.20.1
v20.20.0: 20.20.0Compare Source
Node.js 20.20.0
v20.19.6: 20.19.6Compare Source
Node.js 20.19.6
v20.19.5: 20.19.5Compare Source
Node.js 20.19.5
v20.19.4: 20.19.4Compare Source
Node.js 20.19.4
v20.19.3: 20.19.3Compare Source
Node.js 20.19.3
v20.19.2: 20.19.2Compare Source
Node.js 20.19.2
v20.19.1: 20.19.1Compare Source
Node.js 20.19.1
v20.19.0: 20.19.0Compare Source
Node.js 20.19.0
v20.18.3: 20.18.3Compare Source
Node.js 20.18.3
v20.18.2: 20.18.2Compare Source
Node.js 20.18.2
v20.18.1: 20.18.1Compare Source
Node.js 20.18.1
v20.18.0: 20.18.0Compare Source
Node.js 20.18.0
v20.17.0: 20.17.0Compare Source
Node.js 20.17.0
v20.16.0: 20.16.0Compare Source
Node.js 20.16.0
v20.15.1: 20.15.1Compare Source
Node.js 20.15.1
v20.15.0: 20.15.0Compare Source
Node.js 20.15.0
v20.14.0: 20.14.0Compare Source
Node.js 20.14.0
v20.13.1: 20.13.1Compare Source
Node.js 20.13.1
v20.13.0: 20.13.0Compare Source
Node.js 20.13.0
v20.12.2: 20.12.2Compare Source
Node.js 20.12.2
v20.12.1: 20.12.1Compare Source
Node.js 20.12.1
v20.12.0: 20.12.0Compare Source
Node.js 20.12.0
v20.11.1: 20.11.1Compare Source
Node.js 20.11.1
v20.11.0: 20.11.0Compare Source
Node.js 20.11.0
v20.10.0: 20.10.0Compare Source
Node.js 20.10.0
v20.9.0: 20.9.0Compare Source
Node.js 20.9.0
v20.8.1: 20.8.1Compare Source
Node.js 20.8.1
v20.8.0: 20.8.0Compare Source
Node.js 20.8.0
v20.7.0: 20.7.0Compare Source
Node.js 20.7.0
v20.6.1: 20.6.1Compare Source
Node.js 20.6.1
v20.6.0: 20.6.0Compare Source
Node.js 20.6.0
v20.5.1: 20.5.1Compare Source
Node.js 20.5.1
v20.5.0: 20.5.0Compare Source
Node.js 20.5.0
v20.4.0: 20.4.0Compare Source
Node.js 20.4.0
v20.3.1: 20.3.1Compare Source
Node.js 20.3.1
v20.3.0: 20.3.0Compare Source
Node.js 20.3.0
v20.2.0: 20.2.0Compare Source
Node.js 20.2.0
v20.1.0: 20.1.0Compare Source
Node.js 20.1.0
privatenumber/tsx (tsx)
v4.22.4Compare Source
Bug Fixes
This release is also available on:
v4.22.3Compare Source
wevm/viem (viem)
v2.51.3Compare Source
Patch Changes
cc15e56ae47e03d2ec8fe9b0e443b4e52b7c350aThanks @deodad! - Fixed access key metadata reads incorrectly using the client account.v2.51.2Compare Source
Patch Changes
#4668
672a7ef72cd7fb9b9330d5c90979729e6b96cbbcThanks @deodad! -viem/tempo: FixedsignVoucherto raw sign channel vouchers with access key accounts.#4672
c582dad966c136488b9f36c01f0f3986ff98e407Thanks @deodad! - Added a Tempo key authorization manager that can be used byprepareTransactionRequestto attach pending key authorizations.v2.51.0Compare Source
Minor Changes
#4663
752712f1d2358715e9d63bd754f80c90a8d02e91Thanks @jxom! -viem/tempo: AddedActions.channelactions for reading and mutating TIP-20 channel reserve state.#4597
d346038e71f31cb1c82fc94bb49c4ac553a23717Thanks @wwared! -viem/op-stack: Added OP Stack super-root dispute game support for withdrawal prove flows.#4661
9713c7562eac9fd328e6cc1be7388bc1659a9c27Thanks @jxom! - Updated generated Tempo precompile ABIs from latest Tempo main and addedlogoURIto TIP-20 metadata and token creation.#4653
a29cf5eef5809b50bbb7931f35331203c32d7692Thanks @islishude! - Added support foreth_getBlockReceipts.Patch Changes
#4650
73b8b89c0369597bf4df781b021130f544ebe6b0Thanks @deodad! - ExportedExtractFormattedTransactionRequest.#4664
c3fda73603695bc68336f6e22f6475ba6ed0cdc7Thanks @jxom! - Handledeth_createAccessListresponses that include anerrorfield.#4660
c5cc58ebbc027029022f09eba54ed2e789b8b2b1Thanks @struong! - Emitted a full broadcast envelope when the fee payer co-signed duringeth_fillTransaction, enabling single round-trip sponsorship, and strippedfeeTokenfrom the sender's sign payload under sponsorship per the Tempo Transaction spec.#4654
038a062a8c2a875a3bbd58426e6060cf5d1d7986Thanks @deodad! - Addedrawsigning support to Tempo access key accounts.v2.50.4Compare Source
Patch Changes
423131df9e00e3df062274e483b98a4921674ceaThanks @jxom! - Fixed Tempo chain declarations to emit portable inferred types for exported derived chains.Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.