Skip to content

Bump the npm_and_yarn group across 1 directory with 6 updates#25

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-9f0969dc18
Open

Bump the npm_and_yarn group across 1 directory with 6 updates#25
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-9f0969dc18

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 4, 2026

Bumps the npm_and_yarn group with 3 updates in the / directory: @hono/node-server, minimatch and flatted.

Updates @hono/node-server from 1.19.6 to 1.19.11

Release notes

Sourced from @​hono/node-server's releases.

v1.19.11

What's Changed

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

v1.19.9

What's Changed

Full Changelog: honojs/node-server@v1.19.8...v1.19.9

v1.19.8

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.19.7...v1.19.8

v1.19.7

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates defu from 6.1.4 to 6.1.6

Release notes

Sourced from defu's releases.

v6.1.6

compare changes

📦 Build

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

✅ Tests

  • Add more tests for plain objects (b65f603)

❤️ Contributors

Changelog

Sourced from defu's changelog.

v6.1.6

compare changes

📦 Build

❤️ Contributors

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

🏡 Chore

✅ Tests

  • Add more tests for plain objects (b65f603)

🤖 CI

❤️ Contributors

Commits
  • 001c290 chore(release): v6.1.6
  • 407b516 build: fix mixed types
  • 23e59e6 chore(release): v6.1.5
  • 11ba022 fix: ignore inherited enumerable properties
  • 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
  • d3ef16d chore(deps): update actions/checkout action to v6 (#151)
  • 869a053 chore(deps): update actions/setup-node action to v6 (#149)
  • a97310c chore(deps): update codecov/codecov-action action to v6 (#154)
  • 89df6bb chore: fix typecheck
  • 9237d9c ci: bump node
  • Additional commits viewable in compare view

Updates effect from 3.18.4 to 3.20.0

Release notes

Sourced from effect's releases.

effect@3.20.0

Minor Changes

Patch Changes

  • #6107 fc82e81 Thanks @​gcanti! - Backport Types.VoidIfEmpty to 3.x

  • #6088 82996bc Thanks @​taylorOntologize! - Schema: fix Schema.omit producing wrong result on Struct with optionalWith({ default }) and index signatures

    getIndexSignatures now handles Transformation AST nodes by delegating to ast.to, matching the existing behavior of getPropertyKeys and getPropertyKeyIndexedAccess. Previously, Schema.omit on a struct combining Schema.optionalWith (with { default }, { as: "Option" }, etc.) and Schema.Record would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.

  • #6086 4d97a61 Thanks @​taylorOntologize! - Schema: fix getPropertySignatures crash on Struct with optionalWith({ default }) and other Transformation-producing variants

    SchemaAST.getPropertyKeyIndexedAccess now handles Transformation AST nodes by delegating to ast.to, matching the existing behavior of getPropertyKeys. Previously, calling getPropertySignatures on a Schema.Struct containing Schema.optionalWith with { default }, { as: "Option" }, { nullable: true }, or similar options would throw "Unsupported schema (Transformation)".

  • #6097 f6b0960 Thanks @​gcanti! - Fix TupleWithRest post-rest validation to check each tail index sequentially.

effect@3.19.19

Patch Changes

effect@3.19.18

Patch Changes

effect@3.19.17

Patch Changes

  • #6040 a8c436f Thanks @​jacobconley! - Fix Stream.decodeText to correctly handle multi-byte UTF-8 characters split across chunk boundaries.

effect@3.19.16

Patch Changes

  • #6018 e71889f Thanks @​codewithkenzo! - fix(Match): handle null/undefined in Match.tag and Match.tagStartsWith

    Added null checks to discriminator and discriminatorStartsWith predicates to prevent crashes when matching nullable union types.

    Fixes #6017

effect@3.19.15

Patch Changes

... (truncated)

Changelog

Sourced from effect's changelog.

3.20.0

Minor Changes

Patch Changes

  • #6107 fc82e81 Thanks @​gcanti! - Backport Types.VoidIfEmpty to 3.x

  • #6088 82996bc Thanks @​taylorOntologize! - Schema: fix Schema.omit producing wrong result on Struct with optionalWith({ default }) and index signatures

    getIndexSignatures now handles Transformation AST nodes by delegating to ast.to, matching the existing behavior of getPropertyKeys and getPropertyKeyIndexedAccess. Previously, Schema.omit on a struct combining Schema.optionalWith (with { default }, { as: "Option" }, etc.) and Schema.Record would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.

  • #6086 4d97a61 Thanks @​taylorOntologize! - Schema: fix getPropertySignatures crash on Struct with optionalWith({ default }) and other Transformation-producing variants

    SchemaAST.getPropertyKeyIndexedAccess now handles Transformation AST nodes by delegating to ast.to, matching the existing behavior of getPropertyKeys. Previously, calling getPropertySignatures on a Schema.Struct containing Schema.optionalWith with { default }, { as: "Option" }, { nullable: true }, or similar options would throw "Unsupported schema (Transformation)".

  • #6097 f6b0960 Thanks @​gcanti! - Fix TupleWithRest post-rest validation to check each tail index sequentially.

3.19.19

Patch Changes

3.19.18

Patch Changes

3.19.17

Patch Changes

  • #6040 a8c436f Thanks @​jacobconley! - Fix Stream.decodeText to correctly handle multi-byte UTF-8 characters split across chunk boundaries.

3.19.16

Patch Changes

  • #6018 e71889f Thanks @​codewithkenzo! - fix(Match): handle null/undefined in Match.tag and Match.tagStartsWith

    Added null checks to discriminator and discriminatorStartsWith predicates to prevent crashes when matching nullable union types.

... (truncated)

Commits
  • aa47393 Version Packages (#6089)
  • 8798a84 fix(effect): isolate scheduler runners per fiber (#6124)
  • fc82e81 Backport Types.VoidIfEmpty to 3.x (#6107)
  • f6b0960 Backport: Fix TupleWithRest post-rest index drift validation bug (#6097)
  • 82996bc fix(Schema): handle Transformation in getIndexSignatures for correct omit beh...
  • 4d97a61 Schema: fix getPropertySignatures crash on Struct with optionalWith({ default...
  • ab3b64c Version Packages (#6080)
  • 2d2bb13 fix semaphore race condition where permits could be leaked (#6081)
  • 4eb5c00 build ManagedRuntime synchronously if possible (#6079)
  • 4f21075 Version Packages (#6063)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for effect since your current version.


Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates hono from 4.10.6 to 4.12.10

Release notes

Sourced from hono's releases.

v4.12.10

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.9...v4.12.10

v4.12.9

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.8...v4.12.9

v4.12.8

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

... (truncated)

Commits
  • 9f374a5 4.12.10
  • a8c56a6 docs(ip-restriction): add clear JSDoc examples and param types (#4851)
  • 0bce36b fix(compress): convert strong ETag to weak ETag when compressing (#4848)
  • 75b4308 fix(jsx/dom): apply select value after children are rendered (#4847)
  • f47b559 docs: fix impaired -> inspired typo in benchmark READMEs (#4843)
  • 018277e test(router): fix Simple capturing group test (#4838)
  • e1ae0eb 4.12.9
  • 66fe9fe fix(cors): reflect request origin when credentials is true with wildcard (#4813)
  • 50e2611 fix(service-worker): make fire() fallback behavior consistent with `handle(...
  • be85106 fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest (#4810)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 6 updates
20a249c 
Bumps the npm_and_yarn group with 3 updates in the / directory: [@hono/node-server](https://github.com/honojs/node-server), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted).


Updates `@hono/node-server` from 1.19.6 to 1.19.11
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.6...v1.19.11)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `defu` from 6.1.4 to 6.1.6
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](unjs/defu@v6.1.4...v6.1.6)

Updates `effect` from 3.18.4 to 3.20.0
- [Release notes](https://github.com/Effect-TS/effect/releases)
- [Changelog](https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md)
- [Commits](https://github.com/Effect-TS/effect/commits/effect@3.20.0/packages/effect)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `hono` from 4.10.6 to 4.12.10
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.10.6...v4.12.10)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: defu
  dependency-version: 6.1.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: effect
  dependency-version: 3.20.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants