Bump the npm_and_yarn group across 12 directories with 4 updates by dependabot[bot] · Pull Request #6 · Asper-Beauty-Shop/vercel

dependabot · 2026-03-04T20:39:08Z

Bumps the npm_and_yarn group with 2 updates in the / directory: hono and minimatch.
Bumps the npm_and_yarn group with 2 updates in the /examples/blitzjs directory: minimatch and next.
Bumps the npm_and_yarn group with 1 update in the /examples/brunch directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/eleventy directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/gatsby directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/hexo directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /examples/ionic-angular directory: minimatch and serialize-javascript.
Bumps the npm_and_yarn group with 1 update in the /examples/polymer directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/vue directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/vuepress directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /packages/backends directory: hono.
Bumps the npm_and_yarn group with 1 update in the /packages/remix/test/fixtures-react-router/05-react-router-custom-server directory: hono.

Updates hono from 4.10.1 to 4.12.4

Release notes

Sourced from hono's releases.

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

Middleware Bypass in Serve Static

Affects: Serve Static middleware. Fixes inconsistent URL decoding that could allow protected static resources to be accessed without triggering route-based middleware. GHSA-q5qw-h33p-qvwr

Users who uses Strreaming Helper, Cookie utility, and Serve Static are strongly encouraged to upgrade to this version.

Other changes

fix(client): preserve route schema in ApplyGlobalResponse by @agumy in honojs/hono#4777

fix(utils/url): specify the return type of tryDecodeURI by @yusukebe in honojs/hono#4779

New Contributors

@agumy made their first contribution in honojs/hono#4777

Full Changelog: honojs/hono@v4.12.3...v4.12.4

v4.12.3

What's Changed

fix(validator): prevent type diff bug in form data parsing by @EdamAme-x in honojs/hono#4753

fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @EdamAme-x in honojs/hono#4754

fix(jwt): fix JwtVariables for ContextVariableMap by @yusukebe in honojs/hono#4764

fix(types): remove DOM type dependencies from ClientResponse and request method by @YevheniiKotyrlo in honojs/hono#4768

fix(types): correct middleware types by @hmnd in honojs/hono#4774

fix(jwt): prevent memory leak by avoiding mutation of options object by @EdamAme-x in honojs/hono#4759

New Contributors

@YevheniiKotyrlo made their first contribution in honojs/hono#4768

@hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

... (truncated)

Commits

19d20d2 4.12.4
44ae0c8 Merge commit from fork
f4123ed Merge commit from fork
80a9837 fix(utils/url): specify the return type of tryDecodeURI (#4779)
6a0607a Merge commit from fork
0768232 fix(client): preserve route schema in ApplyGlobalResponse (#4777)
790c57b 4.12.3
bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
0f505f4 fix(types): correct middleware types (#4774)
eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.4

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 5.1.6 to 5.1.9

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 9.0.5 to 9.0.9

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates next from 14.2.23 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix linked list bug in LRU deleteFromLru (#88652)

Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @acdlite and @ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

adf8c61 v16.1.6
098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
d6d5734 tweak LRU sentinel cache key (#89123)
4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 9.0.5 to 9.0.9

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 8.0.4 to 8.0.7

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates serialize-javascript from 6.0.2 to 7.0.4

Release notes

Sourced from serialize-javascript's releases.

v7.0.4

What's Changed

release: v7.0.4 by @okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0

build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

ci: bump GitHub Actions to latest versions by @okuryu in yahoo/serialize-javascript#203

ci: setup trusted publishing workflow by @okuryu in yahoo/serialize-javascript#204

release: v7.0.2 by @okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

Add warning about using this package to send arbitrary data to worker threads by @valadaptive in yahoo/serialize-javascript#200

security: sanitize function bodies by @redonkulus in yahoo/serialize-javascript#199

docs: tweak README by @okuryu in yahoo/serialize-javascript#201

release: v7.0.1 by @okuryu in yahoo/serialize-javascript#202

New Contributors

@redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

requires Node.js v20+

What's Changed

Bump mocha from 10.2.0 to 10.4.0 by @dependabot[bot] in yahoo/serialize-javascript#178

Bump mocha from 10.4.0 to 10.5.2 by @dependabot[bot] in yahoo/serialize-javascript#183

Bump nyc from 15.1.0 to 17.0.0 by @dependabot[bot] in yahoo/serialize-javascript#184

Bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in yahoo/serialize-javascript#181

Bump mocha from 10.5.2 to 10.7.0 by @dependabot[bot] in yahoo/serialize-javascript#185

Bump mocha from 10.7.0 to 10.7.3 by @dependabot[bot] in yahoo/serialize-javascript#186

Bump nyc from 17.0.0 to 17.1.0 by @dependabot[bot] in yahoo/serialize-javascript#187

Bump mocha from 10.7.3 to 10.8.2 by @dependabot[bot] in yahoo/serialize-javascript#188

feat: test on Node.js 22 and built-in test runner by @okuryu in yahoo/serialize-javascript#192

... (truncated)

Commits

eec32e0 release: v7.0.4
d505715 7.0.3
2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
44f544b release: v7.0.2 (#205)
bba0ddd ci: setup trusted publishing workflow (#204)
235f6ea ci: bump GitHub Actions to latest versions (#203)
f7fff15 release: v7.0.1 (#202)
b4abd4c docs: tweak README (#201)
738a8e9 security: sanitize function bodies (#199)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.

Updates minimatch from 3.0.4 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
9c31b2d update test expectations for coalesced consecutive stars
46fe687 coalesce consecutive non-globstar * characters
5a9ccbd [meta] update publishConfig.tag to legacy-v3
See full diff in compare view

Updates hono from 4.10.1 to 4.12.4

Release notes

Sourced from hono's releases.

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

Middleware Bypass in Serve Static

Affects: Serve Static middleware. Fixes inconsistent URL decoding that could allow protected static resources to be accessed without triggering route-based middleware. GHSA-q5qw-h33p-qvwr

Users who uses Strreaming Helper, Cookie utility, and Serve Static are strongly encouraged to upgrade to this version.

Other changes

fix(client): preserve route schema in ApplyGlobalResponse by @agumy in honojs/hono#4777

fix(utils/url): specify the return type of tryDecodeURI by @yusukebe in honojs/hono#4779

New Contributors

@agumy made their first contribution in honojs/hono#4777

Full Changelog: honojs/hono@v4.12.3...v4.12.4

v4.12.3

What's Changed

fix(validator): prevent type diff bug in form data parsing by @EdamAme-x in honojs/hono#4753

fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @EdamAme-x in honojs/hono#4754

fix(jwt): fix JwtVariables for ContextVariableMap by @yusukebe in honojs/hono#4764

fix(types): remove DOM type dependencies from ClientResponse and request method by @YevheniiKotyrlo in honojs/hono#4768

fix(types): correct middleware types by @hmnd in honojs/hono#4774

fix(jwt): prevent memory leak by avoiding mutation of options object by @EdamAme-x in honojs/hono#4759

New Contributors

@YevheniiKotyrlo made their first contribution in honojs/hono#4768

@hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

... (truncated)

Commits

19d20d2 4.12.4
44ae0c8 Merge commit from fork
f4123ed Merge commit from fork
80a9837 fix(utils/url): specify the return type of tryDecodeURI (#4779)
6a0607a Merge commit from fork
0768232 fix(client): preserve route schema in ApplyGlobalResponse (#4777)
790c57b 4.12.3
bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
0f505f4 fix(types): correct middleware types (#4774)
eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
Additional commits viewable in compare view

Updates hono from 4.7.0 to 4.12.4

Release notes

Sourced from hono's releases.

v4.12.4

Security fixes

This release includes fixes for the following security issues:

SSE Control Field Injection

Affects: streamSSE() in Streaming Helper. Fixes injection of unintended SSE fields by rejecting CR/LF characters in event, id, and retry. GHSA-p6xx-57qc-3wxr

Cookie Attribute Injection in setCookie()

Affects: setCookie() from hono/cookie. Fixes cookie attribute manipulation by rejecting ;, \r, and \n in domain and path options. GHSA-5pq2-9x2x-5p6w

Middleware Bypass in Serve Static

Affects: Serve Static middleware. Fixes inconsistent URL decoding that could allow protected static resources to be accessed without triggering route-based middleware. GHSA-q5qw-h33p-qvwr

Users who uses Strreaming Helper, Cookie utility, and Serve Static are strongly encouraged to upgrade to this version.

Other changes

fix(client): preserve route schema in ApplyGlobalResponse by @agumy in honojs/hono#4777

fix(utils/url): specify the return type of tryDecodeURI by @yusukebe in honojs/hono#4779

New Contributors

@agumy made their first contribution in honojs/hono#4777

Full Changelog: honojs/hono@v4.12.3...v4.12.4

v4.12.3

What's Changed

fix(validator): prevent type diff bug in form data parsing by @EdamAme-x in honojs/hono#4753

fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @EdamAme-x in honojs/hono#4754

fix(jwt): fix JwtVariables for ContextVariableMap by @yusukebe in honojs/hono#4764

fix(types): remove DOM type dependencies from ClientResponse and request method by @YevheniiKotyrlo in honojs/hono#4768

fix(types): correct middleware types by @hmnd in honojs/hono#4774

fix(jwt): prevent memory leak by avoiding mutation of options object by @EdamAme-x in honojs/hono#4759

New Contributors

@YevheniiKotyrlo made their first contribution in honojs/hono#4768

@hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

... (truncated)

Commits

19d20d2 4.12.4
44ae0c8 Merge commit from fork
f4123ed Merge commit from fork
80a9837 fix(utils/url): specify the return type of tryDecodeURI (#4779)
6a0607a Merge commit from fork
0768232 fix(client): preserve route schema in ApplyGlobalResponse (#4777)
790c57b 4.12.3
bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
0f505f4 fix(types): correct middleware types (#4774)
eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 2 updates in the / directory: [hono](https://github.com/honojs/hono) and [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /examples/blitzjs directory: [minimatch](https://github.com/isaacs/minimatch) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/brunch directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/eleventy directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/gatsby directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/hexo directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /examples/ionic-angular directory: [minimatch](https://github.com/isaacs/minimatch) and [serialize-javascript](https://github.com/yahoo/serialize-javascript). Bumps the npm_and_yarn group with 1 update in the /examples/polymer directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/vue directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/vuepress directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /packages/backends directory: [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /packages/remix/test/fixtures-react-router/05-react-router-custom-server directory: [hono](https://github.com/honojs/hono). Updates `hono` from 4.10.1 to 4.12.4 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.10.1...v4.12.4) Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `next` from 14.2.23 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.23...v16.1.6) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 8.0.4 to 8.0.7 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `serialize-javascript` from 6.0.2 to 7.0.4 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.4) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `hono` from 4.10.1 to 4.12.4 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.10.1...v4.12.4) Updates `hono` from 4.7.0 to 4.12.4 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.10.1...v4.12.4) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 8.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 7.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.4 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 4, 2026

dependabot Bot mentioned this pull request Mar 4, 2026

Bump the npm_and_yarn group across 11 directories with 4 updates #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 12 directories with 4 updates#6

Bump the npm_and_yarn group across 12 directories with 4 updates#6
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-8efc556959

dependabot Bot commented on behalf of github Mar 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 4, 2026

v4.12.4

Security fixes

SSE Control Field Injection

Cookie Attribute Injection in setCookie()

Middleware Bypass in Serve Static

Other changes

New Contributors

v4.12.3

What's Changed

New Contributors

v4.12.2

Security fix

v16.1.6

Core Changes

Credits

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.3

Core Changes

Credits

v16.1.2

Core Changes

v7.0.4

What's Changed

v7.0.3

v7.0.2

What's Changed

v7.0.1

What's Changed

New Contributors

v7.0.0

Breaking Changes

What's Changed

v4.12.4

Security fixes

SSE Control Field Injection

Cookie Attribute Injection in setCookie()

Middleware Bypass in Serve Static

Other changes

New Contributors

v4.12.3

What's Changed

New Contributors

v4.12.2

Security fix

v4.12.4

Security fixes

SSE Control Field Injection

Cookie Attribute Injection in setCookie()

Middleware Bypass in Serve Static

Other changes

New Contributors

v4.12.3

What's Changed

New Contributors

v4.12.2

Security fix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Cookie Attribute Injection in `setCookie()`

Cookie Attribute Injection in `setCookie()`

Cookie Attribute Injection in `setCookie()`