Skip to content

fix(deps): update patch updates (patch)#1056

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/patch-patch-updates
Open

fix(deps): update patch updates (patch)#1056
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/patch-patch-updates

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@anolilab/eslint-config (source) 27.0.227.0.10 age confidence
@vitest/eslint-plugin 1.6.191.6.20 age confidence
caniuse-lite 1.0.300017971.0.30001799 age confidence
commitizen ^4.3.1^4.3.2 age confidence
hono@<4.12.14 (source) >=4.12.24>=4.12.26 age confidence
hono@<4.12.21 (source) >=4.12.24>=4.12.26 age confidence
tailwind-csstree 0.3.20.3.3 age confidence

Release Notes

anolilab/javascript-style-guide (@​anolilab/eslint-config)

v27.0.10

Compare Source

v27.0.9

Compare Source

v27.0.8

Compare Source

v27.0.7

Compare Source

v27.0.6

Compare Source

v27.0.5

Compare Source

v27.0.4

Compare Source

v27.0.3

Compare Source

Miscellaneous Chores
  • security: apply audit overrides (c0fe05e)
vitest-dev/eslint-plugin-vitest (@​vitest/eslint-plugin)

v1.6.20

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
browserslist/caniuse-lite (caniuse-lite)

v1.0.30001799

Compare Source

honojs/hono (hono@<4.12.14)

v4.12.26

Compare Source

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Compare Source

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@​Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

humanwhocodes/tailwind-csstree (tailwind-csstree)

v0.3.3

Compare Source

Bug Fixes

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • "after 10:00 before 19:00 every weekday except after 13:00 before 14:00"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
fix(deps): update patch updates
9cbcac1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
@renovate renovate Bot requested a review from prisis as a code owner June 22, 2026 10:08
@renovate renovate Bot added the c: dependencies Pull requests that adds/updates a dependency label Jun 22, 2026
@renovate

renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

<--- Last few GCs --->

[1012:0x2e8db000]   129239 ms: Scavenge (reduce) (interleaved) 1491.7 (1513.9) -> 1490.7 (1513.4) MB, pooled: 0 MB, 13.55 / 0.00 ms  (average mu = 0.362, current mu = 0.354) allocation failure; 
[1012:0x2e8db000]   129293 ms: Mark-Compact (reduce) 1490.7 (1513.4) -> 1486.8 (1511.5) MB, pooled: 0 MB, 53.94 / 0.02 ms  (+ 1696.7 ms in 0 steps since start of marking, biggest step 0.0 ms, walltime since start of marking 1936 ms) (average mu = 0.328, c

<--- JS stacktrace --->

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0xe46bbe node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/22.22.3/bin/node]
 2: 0x1243640 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/22.22.3/bin/node]
 3: 0x1243917 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/22.22.3/bin/node]
 4: 0x1472825  [/opt/containerbase/tools/node/22.22.3/bin/node]
 5: 0x1472853  [/opt/containerbase/tools/node/22.22.3/bin/node]
 6: 0x148b92a  [/opt/containerbase/tools/node/22.22.3/bin/node]
 7: 0x148eaf8  [/opt/containerbase/tools/node/22.22.3/bin/node]
 8: 0x1cf7681  [/opt/containerbase/tools/node/22.22.3/bin/node]
/usr/local/bin/node: line 18:  1012 Aborted                 /opt/containerbase/tools/node/22.22.3/bin/node "$@"

@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Thank you for following the naming conventions! 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c: dependencies Pull requests that adds/updates a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants