mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
Update vulnerable Hono and fast-uri dependencies (#29650)
## Summary - Pin `hono` to 4.12.25, the first patched release for the recent Hono security advisories. - Pin `fast-uri` to 3.1.1 to fix the percent-encoded path traversal vulnerability. - Refresh `pnpm-lock.yaml` with only those dependency updates. `hono` 4.12.25 is used instead of the newer 4.12.27 because the repository requires dependencies to be at least seven days old.
This commit is contained in:
@@ -14,9 +14,11 @@
|
||||
"@modelcontextprotocol/sdk": "1.26.0",
|
||||
"braces": "^3.0.3",
|
||||
"esbuild": "0.28.1",
|
||||
"fast-uri": "3.1.1",
|
||||
"flatted": "3.4.2",
|
||||
"glob@10.4.5": "10.5.0",
|
||||
"handlebars": "4.7.9",
|
||||
"hono": "4.12.25",
|
||||
"micromatch": "^4.0.8",
|
||||
"minimatch@3.1.2": "3.1.4",
|
||||
"minimatch@9.0.5": "9.0.7",
|
||||
|
||||
Generated
+14
-12
@@ -8,9 +8,11 @@ overrides:
|
||||
'@modelcontextprotocol/sdk': 1.26.0
|
||||
braces: ^3.0.3
|
||||
esbuild: 0.28.1
|
||||
fast-uri: 3.1.1
|
||||
flatted: 3.4.2
|
||||
glob@10.4.5: 10.5.0
|
||||
handlebars: 4.7.9
|
||||
hono: 4.12.25
|
||||
micromatch: ^4.0.8
|
||||
minimatch@3.1.2: 3.1.4
|
||||
minimatch@9.0.5: 9.0.7
|
||||
@@ -455,7 +457,7 @@ packages:
|
||||
resolution: {integrity: sha512-TsQLe4i2gvoTtrHje625ngThGBySOgSK3Xo2XRYOdqGN1teR8+I7vchQC46uLJi8OF62YTYA3AhSpumtkhsaKQ==}
|
||||
engines: {node: '>=18.14.1'}
|
||||
peerDependencies:
|
||||
hono: ^4
|
||||
hono: 4.12.25
|
||||
|
||||
'@humanfs/core@0.19.1':
|
||||
resolution: {integrity: sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==}
|
||||
@@ -1341,8 +1343,8 @@ packages:
|
||||
fast-levenshtein@2.0.6:
|
||||
resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
|
||||
|
||||
fast-uri@3.1.0:
|
||||
resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
|
||||
fast-uri@3.1.1:
|
||||
resolution: {integrity: sha512-h2r7rcm6Ee/J8o0LD5djLuFVcfbZxhvho4vvsbeV0aMvXjUgqv4YpxpkEx0d68l6+IleVfLAdVEfhR7QNMkGHQ==}
|
||||
|
||||
fastq@1.19.1:
|
||||
resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==}
|
||||
@@ -1484,8 +1486,8 @@ packages:
|
||||
resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
|
||||
engines: {node: '>= 0.4'}
|
||||
|
||||
hono@4.12.12:
|
||||
resolution: {integrity: sha512-p1JfQMKaceuCbpJKAPKVqyqviZdS0eUxH9v82oWo1kb9xjQ5wA6iP3FNVAPDFlz5/p7d45lO+BpSk1tuSZMF4Q==}
|
||||
hono@4.12.25:
|
||||
resolution: {integrity: sha512-2NFaIyNVgJmBs/ecmtGzlmluTFs5cHEWGTdu0t1HBwYzoGXOL5nUQBRMXsXWla5i4KkG//QMzVP88m1+I3fdAQ==}
|
||||
engines: {node: '>=16.9.0'}
|
||||
|
||||
html-escaper@2.0.2:
|
||||
@@ -2873,9 +2875,9 @@ snapshots:
|
||||
'@eslint/core': 0.15.2
|
||||
levn: 0.4.1
|
||||
|
||||
'@hono/node-server@1.19.13(hono@4.12.12)':
|
||||
'@hono/node-server@1.19.13(hono@4.12.25)':
|
||||
dependencies:
|
||||
hono: 4.12.12
|
||||
hono: 4.12.25
|
||||
|
||||
'@humanfs/core@0.19.1': {}
|
||||
|
||||
@@ -3095,7 +3097,7 @@ snapshots:
|
||||
|
||||
'@modelcontextprotocol/sdk@1.26.0(zod@3.25.76)':
|
||||
dependencies:
|
||||
'@hono/node-server': 1.19.13(hono@4.12.12)
|
||||
'@hono/node-server': 1.19.13(hono@4.12.25)
|
||||
ajv: 8.17.1
|
||||
ajv-formats: 3.0.1(ajv@8.17.1)
|
||||
content-type: 1.0.5
|
||||
@@ -3105,7 +3107,7 @@ snapshots:
|
||||
eventsource-parser: 3.0.6
|
||||
express: 5.2.1
|
||||
express-rate-limit: 8.3.2(express@5.2.1)
|
||||
hono: 4.12.12
|
||||
hono: 4.12.25
|
||||
jose: 6.1.3
|
||||
json-schema-typed: 8.0.2
|
||||
pkce-challenge: 5.0.0
|
||||
@@ -3401,7 +3403,7 @@ snapshots:
|
||||
ajv@8.17.1:
|
||||
dependencies:
|
||||
fast-deep-equal: 3.1.3
|
||||
fast-uri: 3.1.0
|
||||
fast-uri: 3.1.1
|
||||
json-schema-traverse: 1.0.0
|
||||
require-from-string: 2.0.2
|
||||
|
||||
@@ -3905,7 +3907,7 @@ snapshots:
|
||||
|
||||
fast-levenshtein@2.0.6: {}
|
||||
|
||||
fast-uri@3.1.0: {}
|
||||
fast-uri@3.1.1: {}
|
||||
|
||||
fastq@1.19.1:
|
||||
dependencies:
|
||||
@@ -4054,7 +4056,7 @@ snapshots:
|
||||
dependencies:
|
||||
function-bind: 1.1.2
|
||||
|
||||
hono@4.12.12: {}
|
||||
hono@4.12.25: {}
|
||||
|
||||
html-escaper@2.0.2: {}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user