chore: bump hono to ^4.12.18 to address security advisories

Adds a scoped resolution to upgrade the transitive hono dependency
(pulled in by @modelcontextprotocol/sdk) from 4.12.16 to 4.12.18,
which patches:

- GHSA-p77w-8qqv-26rm: Cache Middleware ignores Vary: Authorization /
  Vary: Cookie, leading to cross-user cache leakage
- GHSA-qp7p-654g-cw7p: CSS Declaration Injection via style object
  values in JSX SSR
- GHSA-hm8q-7f3q-5f36: Improper validation of NumericDate claims
  (exp, nbf, iat) in JWT verify()

https://claude.ai/code/session_015xVpZwz5P7vMFF9Bkc2MpX
Claude
2026-05-09 13:08:55 +00:00
parent 4548fc00bf
commit fe570956b1
2 changed files with 6 additions and 5 deletions
+2 -1
@@ -389,7 +389,8 @@
"ip-address@npm:10.1.0": "^10.2.0",
"minimatch@npm:9.0.1": "9.0.9",
"lodash@npm:4.17.21": "^4.18.1",
"lodash-es@npm:4.17.23": "^4.18.1"
"lodash-es@npm:4.17.23": "^4.18.1",
"hono@npm:^4.11.4": "^4.12.18"
},
"version": "1.7.1",
"packageManager": "yarn@4.11.0"
+4 -4
@@ -12555,10 +12555,10 @@ __metadata:
languageName: node
linkType: hard
"hono@npm:^4.11.4":
version: 4.12.16
resolution: "hono@npm:4.12.16"
checksum: 10c0/3afee13722bf574780a641bd6d8812663c650fb7ac86df390f2d90293e1a6e2413aa9c45e4bc5b626a29c1b534fdb8353dd2151aab09bc4a95cd277aad4bd5c7
"hono@npm:^4.12.18":
version: 4.12.18
resolution: "hono@npm:4.12.18"
checksum: 10c0/b0b9688fd9e41a1847b077d579dc0e92a28b67c247c6ee7d1e751c0bae269824c30c7773feff1a2874e40ea36a3d2f9d1fc5ba618a28ecdf2ca1b33ed2473864
languageName: node
linkType: hard