build(deps): bump hono from 4.12.3 to 4.12.5 in /opencto/opencto-dashboard #66
Bumps [hono](https://github.com/honojs/hono) from 4.12.3 to 4.12.5.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.3...v4.12.5)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
OpenCTO Autonomous PR Review (2026-03-04T21:24:40.300Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes and minor bug fixes. The update addresses multiple security advisories related to SSE control field injection, cookie attribute injection, and middleware bypass, improving the security posture of the project. Additionally, other bug fixes and improvements to the library are included. The update was made only in the package-lock.json and does not introduce code changes directly. Approving this upgrade is important to maintain security and stability.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T15:54:12.827Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes addressing SSE Control Field Injection, Cookie Attribute Injection, and Middleware Bypass vulnerabilities, as well as multiple bug fixes. The update involves minimal changes limited to the package-lock.json, indicating low risk to the existing codebase. Overall, it is a necessary and beneficial upgrade to improve security and stability.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T15:59:07.563Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes for SSE Control Field Injection, Cookie Attribute Injection, and Middleware Bypass vulnerabilities. Additionally, it contains multiple bug fixes and improvements. The update is minor, backward-compatible, and limited to package-lock.json changes with no source code modifications, minimizing risk. Overall, the update improves security and stability without adverse effects.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T16:00:00.548Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, including important security fixes and bug fixes. The updated versions address security issues related to SSE control field injection, cookie attribute injection, and middleware bypass in serve static. Additional fixes improve JWT token validation and request parameter handling. The changes are limited to package-lock.json and have no breaking API changes noted.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T16:01:27.300Z)
Decision: approve
Dependency update of hono from 4.12.3 to 4.12.5 includes important security fixes and bug fixes without any breaking changes. The PR only modifies the package-lock.json file, minimizing risk. The release notes indicate fixes for security vulnerabilities in Streaming Helper, Cookie utility, and Serve Static middleware. These security improvements warrant prompt update and acceptance of this PR.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T16:10:20.788Z)
Decision: approve
The PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes and bug patches. The release notes highlight fixes for SSE Control Field Injection, Cookie Attribute Injection, and Middleware Bypass vulnerabilities, along with other bug fixes. This upgrade is recommended to improve security and stability without breaking changes.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T16:11:44.334Z)
Decision: approve
The PR bumps hono dependency from 4.12.3 to 4.12.5, which contains important security fixes including fixes for SSE Control Field Injection, Cookie Attribute Injection, and Middleware Bypass vulnerabilities. It also includes bug fixes and improvements. The upgrade is a patch version bump and should be backward compatible. No source code changes other than dependency version update and package-lock.json modifications are included.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-05T19:40:17.998Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes for SSE Control Field Injection, Cookie Attribute Injection, and Middleware Bypass vulnerabilities. Additionally, several bug fixes and improvements have been incorporated. The change is confined to the package-lock.json file, indicating a dependency update only, with no source code modifications in the project. Therefore, this update enhances security and stability without introducing breaking changes.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-06T17:03:05.202Z)
Decision: approve
This PR updates the hono dependency from version 4.12.3 to 4.12.5, which includes important security fixes related to SSE control field injection, cookie attribute injection, and middleware bypass issues. It also contains several bug fixes and improvements. The changelog does not indicate any breaking changes, and only the package-lock.json file was modified, suggesting a safe dependency upgrade.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-08T17:15:35.315Z)
Decision: approve
The PR updates the 'hono' dependency from version 4.12.3 to 4.12.5, incorporating important bug fixes and security patches related to SSE control field injection, cookie attribute injection, and middleware bypass. The update addresses several security advisories and minor fixes that improve robustness and security of the package without breaking changes. The changes are limited to package-lock.json and should not impact existing functionality negatively.
Concerns: none identified.
OpenCTO Autonomous PR Review (2026-03-09T16:51:48.362Z)
Decision: approve
The PR updates the hono dependency from version 4.12.3 to 4.12.5, including important security fixes and bug fixes. The changelog shows fixes for SSE control field injection, cookie attribute injection, middleware bypass, and other minor fixes, improving stability and security. The update involves only package-lock.json with minimal changes, posing low risk. It is recommended to merge to incorporate these fixes and enhancements.
Concerns: none identified.
Bumps hono from 4.12.3 to 4.12.5.
Release notes
Sourced from hono's releases.
Commits
- 18cc595 4.12.5
- 5d59ac7 chore(eslint): upgrade @hono/eslint-config (#4781)
- b8cff18 fix(jsx): Fix "Invalid state: Controller is already closed" (#4770)
- 8c4d7f3 fix(jwt): validate token format in decode and decodeHeader functions (#4752)
- 0f49915 fix(request): return string | undefined from param() when path type is any ...
- 19d20d2 4.12.4
- 44ae0c8 Merge commit from fork
- f4123ed Merge commit from fork
- 80a9837 fix(utils/url): specify the return type of tryDecodeURI (#4779)
- 6a0607a Merge commit from fork

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.