From fe0407a9e0e609c64327680f8e8849c598f1c404 Mon Sep 17 00:00:00 2001 From: Konstantin Konstantinov Date: Fri, 16 Jan 2026 15:38:30 +0200 Subject: [PATCH 1/2] v2: pnpm audit fixes --- pnpm-lock.yaml | 54 +++++++++++++++++++++++++++------------------ pnpm-workspace.yaml | 14 +++++++----- 2 files changed, 40 insertions(+), 28 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 66600384f..5a2461038 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -7,7 +7,7 @@ settings: catalogs: devTools: '@eslint/js': - specifier: ^9.39.1 + specifier: ^9.39.2 version: 9.39.2 '@types/content-type': specifier: ^1.1.8 @@ -22,7 +22,7 @@ catalogs: specifier: ^1.1.15 version: 1.1.15 '@types/express': - specifier: ^5.0.0 + specifier: ^5.0.6 version: 5.0.6 '@types/express-serve-static-core': specifier: ^5.1.0 @@ -37,7 +37,7 @@ catalogs: specifier: ^7.0.0-dev.20251217.1 version: 7.0.0-dev.20260105.1 eslint: - specifier: ^9.8.0 + specifier: ^9.39.2 version: 9.39.2 eslint-config-prettier: specifier: ^10.1.8 @@ -83,12 +83,12 @@ catalogs: specifier: ^3.0.0 version: 3.0.6 jose: - specifier: ^6.1.1 + specifier: ^6.1.3 version: 6.1.3 runtimeServerOnly: '@hono/node-server': - specifier: ^1.19.7 - version: 1.19.7 + specifier: ^1.19.8 + version: 1.19.8 cors: specifier: ^2.8.5 version: 2.8.5 @@ -96,8 +96,8 @@ catalogs: specifier: ^5.2.1 version: 5.2.1 hono: - specifier: ^4.11.1 - version: 4.11.3 + specifier: ^4.11.4 + version: 4.11.4 runtimeShared: '@cfworker/json-schema': specifier: ^4.1.1 @@ -145,7 +145,7 @@ importers: version: link:packages/client '@modelcontextprotocol/conformance': specifier: 0.1.9 - version: 0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.3) + version: 0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4) '@modelcontextprotocol/node': specifier: workspace:^ version: link:packages/middleware/node @@ -310,7 +310,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.7(hono@4.11.3) + version: 1.19.8(hono@4.11.4) '@modelcontextprotocol/examples-shared': specifier: workspace:^ version: link:../shared @@ -337,7 +337,7 @@ importers: version: 5.2.1 hono: specifier: catalog:runtimeServerOnly - version: 4.11.3 + version: 4.11.4 zod: specifier: catalog:runtimeShared version: 4.3.5 @@ -651,7 +651,7 @@ importers: dependencies: hono: specifier: catalog:runtimeServerOnly - version: 4.11.3 + version: 4.11.4 devDependencies: '@eslint/js': specifier: catalog:devTools @@ -700,7 +700,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.7(hono@4.11.3) + version: 1.19.8(hono@4.11.4) devDependencies: '@eslint/js': specifier: catalog:devTools @@ -1211,6 +1211,12 @@ packages: peerDependencies: hono: ^4 + '@hono/node-server@1.19.8': + resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} + engines: {node: '>=18.14.1'} + peerDependencies: + hono: ^4 + '@humanfs/core@0.19.1': resolution: {integrity: sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==} engines: {node: '>=18.18.0'} @@ -2752,8 +2758,8 @@ packages: resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} engines: {node: '>= 0.4'} - hono@4.11.3: - resolution: {integrity: sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==} + hono@4.11.4: + resolution: {integrity: sha512-U7tt8JsyrxSRKspfhtLET79pU8K+tInj5QZXs1jSugO1Vq5dFj3kmZsRldo29mTBfcjDRVRXrEZ6LS63Cog9ZA==} engines: {node: '>=16.9.0'} hookable@6.0.1: @@ -4221,9 +4227,13 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@hono/node-server@1.19.7(hono@4.11.3)': + '@hono/node-server@1.19.7(hono@4.11.4)': + dependencies: + hono: 4.11.4 + + '@hono/node-server@1.19.8(hono@4.11.4)': dependencies: - hono: 4.11.3 + hono: 4.11.4 '@humanfs/core@0.19.1': {} @@ -4273,9 +4283,9 @@ snapshots: globby: 11.1.0 read-yaml-file: 1.1.0 - '@modelcontextprotocol/conformance@0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.3)': + '@modelcontextprotocol/conformance@0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4)': dependencies: - '@modelcontextprotocol/sdk': 1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.3)(zod@3.25.76) + '@modelcontextprotocol/sdk': 1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76) commander: 14.0.2 eventsource-parser: 3.0.6 express: 5.2.1 @@ -4286,9 +4296,9 @@ snapshots: - hono - supports-color - '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.3)(zod@3.25.76)': + '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': dependencies: - '@hono/node-server': 1.19.7(hono@4.11.3) + '@hono/node-server': 1.19.7(hono@4.11.4) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5 @@ -5755,7 +5765,7 @@ snapshots: dependencies: function-bind: 1.1.2 - hono@4.11.3: {} + hono@4.11.4: {} hookable@6.0.1: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 61f34ddb3..eee336b2d 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -6,17 +6,17 @@ packages: catalogs: devTools: - '@eslint/js': ^9.39.1 + '@eslint/js': ^9.39.2 '@types/content-type': ^1.1.8 '@types/cors': ^2.8.17 '@types/cross-spawn': ^6.0.6 '@types/eventsource': ^1.1.15 - '@types/express': ^5.0.0 + '@types/express': ^5.0.6 '@types/express-serve-static-core': ^5.1.0 '@types/supertest': ^6.0.2 '@types/ws': ^8.5.12 '@typescript/native-preview': ^7.0.0-dev.20251217.1 - eslint: ^9.8.0 + eslint: ^9.39.2 eslint-config-prettier: ^10.1.8 eslint-plugin-n: ^17.23.1 prettier: 3.6.2 @@ -32,13 +32,13 @@ catalogs: cross-spawn: ^7.0.5 eventsource: ^3.0.2 eventsource-parser: ^3.0.0 - jose: ^6.1.1 + jose: ^6.1.3 runtimeServerOnly: - '@hono/node-server': ^1.19.7 + '@hono/node-server': ^1.19.9 content-type: ^1.0.5 cors: ^2.8.5 express: ^5.2.1 - hono: ^4.11.1 + hono: ^4.11.4 raw-body: ^3.0.0 runtimeShared: '@cfworker/json-schema': ^4.1.1 @@ -56,6 +56,8 @@ linkWorkspacePackages: deep minimumReleaseAge: 10080 # 7 days minimumReleaseAgeExclude: - '@modelcontextprotocol/conformance' + - hono@4.11.4 # fixes https://github.com/advisories/GHSA-3vhc-576x-3qv4 https://github.com/advisories/GHSA-f67f-6cw9-8mq4 + - '@hono/node-server@1.19.8' # https://github.com/honojs/node-server/pull/295 onlyBuiltDependencies: - better-sqlite3 From 78f99f53eceea9d4133390d69d04f51b2502ecfc Mon Sep 17 00:00:00 2001 From: Konstantin Konstantinov Date: Fri, 16 Jan 2026 15:54:30 +0200 Subject: [PATCH 2/2] add minimum release age exclude on hono 1.19.9 --- pnpm-lock.yaml | 22 +++++++++++----------- pnpm-workspace.yaml | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5a2461038..569d0b8fd 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -87,8 +87,8 @@ catalogs: version: 6.1.3 runtimeServerOnly: '@hono/node-server': - specifier: ^1.19.8 - version: 1.19.8 + specifier: ^1.19.9 + version: 1.19.9 cors: specifier: ^2.8.5 version: 2.8.5 @@ -310,7 +310,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.8(hono@4.11.4) + version: 1.19.9(hono@4.11.4) '@modelcontextprotocol/examples-shared': specifier: workspace:^ version: link:../shared @@ -700,7 +700,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.8(hono@4.11.4) + version: 1.19.9(hono@4.11.4) devDependencies: '@eslint/js': specifier: catalog:devTools @@ -1205,14 +1205,14 @@ packages: resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==} engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - '@hono/node-server@1.19.7': - resolution: {integrity: sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==} + '@hono/node-server@1.19.8': + resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} engines: {node: '>=18.14.1'} peerDependencies: hono: ^4 - '@hono/node-server@1.19.8': - resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} + '@hono/node-server@1.19.9': + resolution: {integrity: sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==} engines: {node: '>=18.14.1'} peerDependencies: hono: ^4 @@ -4227,11 +4227,11 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@hono/node-server@1.19.7(hono@4.11.4)': + '@hono/node-server@1.19.8(hono@4.11.4)': dependencies: hono: 4.11.4 - '@hono/node-server@1.19.8(hono@4.11.4)': + '@hono/node-server@1.19.9(hono@4.11.4)': dependencies: hono: 4.11.4 @@ -4298,7 +4298,7 @@ snapshots: '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': dependencies: - '@hono/node-server': 1.19.7(hono@4.11.4) + '@hono/node-server': 1.19.8(hono@4.11.4) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index eee336b2d..c38dc642b 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -57,7 +57,7 @@ minimumReleaseAge: 10080 # 7 days minimumReleaseAgeExclude: - '@modelcontextprotocol/conformance' - hono@4.11.4 # fixes https://github.com/advisories/GHSA-3vhc-576x-3qv4 https://github.com/advisories/GHSA-f67f-6cw9-8mq4 - - '@hono/node-server@1.19.8' # https://github.com/honojs/node-server/pull/295 + - '@hono/node-server@1.19.9' # https://github.com/honojs/node-server/pull/295 onlyBuiltDependencies: - better-sqlite3