Skip to content

Fix Dependabot npm alerts#14

Merged
josebalius merged 1 commit into
mainfrom
josebalius/fix-dependabot-alerts
Jun 10, 2026
Merged

Fix Dependabot npm alerts#14
josebalius merged 1 commit into
mainfrom
josebalius/fix-dependabot-alerts

Conversation

@josebalius

Copy link
Copy Markdown
Member

Summary

  • refresh transitive npm dependencies pulled in through @modelcontextprotocol/sdk
  • update patched versions for hono, @hono/node-server, path-to-regexp, fast-uri, ip-address, and qs
  • supersede the narrow Dependabot path-to-regexp bump with one combined lockfile update

Validation

  • npm audit --omit=dev
  • npm run build

Refresh vulnerable transitive npm dependencies pulled in through @modelcontextprotocol/sdk, including hono, @hono/node-server, path-to-regexp, fast-uri, ip-address, and qs.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 10, 2026 13:41
@josebalius josebalius requested a review from a team as a code owner June 10, 2026 13:41

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@josebalius josebalius merged commit 77eca17 into main Jun 10, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants