chore(deps): update dependency on-headers to v1.1.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
on-headers	1.0.2 -> 1.1.0

GitHub Vulnerability Alerts

CVE-2025-7339

Impact

A bug in on-headers versions < 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead()

Patches

Users should upgrade to 1.1.0

Workarounds

Uses are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object to response.writeHead() rather than an array.

---

Release Notes

jshttp/on-headers (on-headers)

v1.1.0

Compare Source

==================

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.