build(deps): Bump the npm_and_yarn group across 2 directories with 5 updates by dependabot[bot] · Pull Request #7 · MagnivOrg/promptlayer-mcp

dependabot · 2026-03-22T15:47:50Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
@hono/node-server	`1.19.9`	`1.19.11`
ajv	`8.17.1`	`8.18.0`
express-rate-limit	`8.2.1`	`8.3.1`
hono	`4.11.7`	`4.12.8`
qs	`6.14.1`	`6.15.0`

Bumps the npm_and_yarn group with 3 updates in the /gcp directory: @hono/node-server, express-rate-limit and hono.

Updates @hono/node-server from 1.19.9 to 1.19.11

Release notes

Sourced from @hono/node-server's releases.

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
455015b Merge commit from fork
cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
b1daa4c docs(readme): add @usualoma as an author (#300)
See full diff in compare view

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates express-rate-limit from 8.2.1 to 8.3.1

Release notes

Sourced from express-rate-limit's releases.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits

47e5b29 8.3.1
eb61179 v8.3.1 changelog
a17377d Fix broken link for contributing guide
5aa3f6c fix: revert the dts-bundle-generator update
06dea83 ci: run test on node 20, 22, 24, 25 and drop 18 as it reached eol
c86a27d chore: update dependencies
8898ffa chore: migrate biome schema and run formatter
dd544fd docs: update changelog with backported releases
9c90752 ci: setup oidc connect with npm for automatatic publish
e4477fa 8.3.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.

Updates hono from 4.11.7 to 4.12.8

Release notes

Sourced from hono's releases.

v4.12.8

What's Changed

fix(utils/mime): Normalize input extension to lowercase before MIME check by @TheEssem in honojs/hono#4800

fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @otoneko1102 in honojs/hono#4750

New Contributors

@TheEssem made their first contribution in honojs/hono#4800

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in honojs/hono#4758

fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in honojs/hono#4792

chore(builld): tsconfig project references by @BarryThePenguin in honojs/hono#4797

chore: add tsconfig.spec.json by @yusukebe in honojs/hono#4798

feat(jsx-renderer): support function-based options by @3w36zj6 in honojs/hono#4780

fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @t0waxx in honojs/hono#4782

New Contributors

@t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

fix(request): return string | undefined from param() when path type is any by @andrewdamelio in honojs/hono#4723

fix(jwt): validate token format in decode and decodeHeader functions by @otoneko1102 in honojs/hono#4752

fix(jsx): Fix "Invalid state: Controller is already closed" by @gaearon in honojs/hono#4770

chore(eslint): upgrade @hono/eslint-config by @BarryThePenguin in honojs/hono#4781

New Contributors

@andrewdamelio made their first contribution in honojs/hono#4723

@otoneko1102 made their first contribution in honojs/hono#4752

@gaearon made their first contribution in honojs/hono#4770

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

... (truncated)

Commits

fe689ec 4.12.8
0c0bf8d fix(bearer-auth): escape regex metacharacters in bearer auth prefix option (#...
488ea6a fix(utils/mime): Normalize input extension to lowercase before MIME check (#4...
b0aba5b 4.12.7
1be3a53 ci: apply automated fixes
ef90225 Merge commit from fork
3f88636 4.12.6
53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
58825a7 feat(jsx-renderer): support function-based options (#4780)
0e80acb chore: add tsconfig.spec.json (#4798)
Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates @hono/node-server from 1.19.9 to 1.19.11

Release notes

Sourced from @hono/node-server's releases.

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
455015b Merge commit from fork
cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
b1daa4c docs(readme): add @usualoma as an author (#300)
See full diff in compare view

Updates express-rate-limit from 8.2.1 to 8.3.1

Release notes

Sourced from express-rate-limit's releases.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits

47e5b29 8.3.1
eb61179 v8.3.1 changelog
a17377d Fix broken link for contributing guide
5aa3f6c fix: revert the dts-bundle-generator update
06dea83 ci: run test on node 20, 22, 24, 25 and drop 18 as it reached eol
c86a27d chore: update dependencies
8898ffa chore: migrate biome schema and run formatter
dd544fd docs: update changelog with backported releases
9c90752 ci: setup oidc connect with npm for automatatic publish
e4477fa 8.3.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.

Updates hono from 4.11.9 to 4.12.8

Release notes

Sourced from hono's releases.

v4.12.8

What's Changed

fix(utils/mime): Normalize input extension to lowercase before MIME check by @TheEssem in honojs/hono#4800

fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @otoneko1102 in honojs/hono#4750

New Contributors

@TheEssem made their first contribution in honojs/hono#4800

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in honojs/hono#4758

fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in honojs/hono#4792

chore(builld): tsconfig project references by @BarryThePenguin in honojs/hono#4797

chore: add tsconfig.spec.json by @yusukebe in honojs/hono#4798

feat(jsx-renderer): support function-based options by @3w36zj6 in honojs/hono#4780

fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @t0waxx in honojs/hono#4782

New Contributors

@t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

fix(request): return string | undefined from param() when path type is any by @andrewdamelio in honojs/hono#4723

fix(jwt): validate token format in decode and decodeHeader functions by @otoneko1102 in honojs/hono#4752

fix(jsx): Fix "Invalid state: Controller is already closed" by @gaearon in honojs/hono#4770

chore(eslint): upgrade @hono/eslint-config by @BarryThePenguin in honojs/hono#4781

New Contributors

@andrewdamelio made their first contribution in honojs/hono#4723

@otoneko1102 made their first contribution in honojs/hono#4752

@gaearon made their first contribution in honojs/hono#4770

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

... (truncated)

Commits

fe689ec 4.12.8
0c0bf8d fix(bearer-auth): escape regex metacharacters in bearer auth prefix option (#...
488ea6a fix(utils/mime): Normalize input extension to lowercase before MIME check (#4...
b0aba5b 4.12.7
1be3a53 ci: apply automated fixes
ef90225 Merge commit from fork
3f88636 4.12.6
53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
58825a7 feat(jsx-renderer): support function-based options (#4780)
0e80acb chore: add tsconfig.spec.json (#4798)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.11` | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.3.1` | | [hono](https://github.com/honojs/hono) | `4.11.7` | `4.12.8` | | [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.0` | Bumps the npm_and_yarn group with 3 updates in the /gcp directory: [@hono/node-server](https://github.com/honojs/node-server), [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) and [hono](https://github.com/honojs/hono). Updates `@hono/node-server` from 1.19.9 to 1.19.11 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.11) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `express-rate-limit` from 8.2.1 to 8.3.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.3.1) Updates `hono` from 4.11.7 to 4.12.8 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.8) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `@hono/node-server` from 1.19.9 to 1.19.11 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.11) Updates `express-rate-limit` from 8.2.1 to 8.3.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.3.1) Updates `hono` from 4.11.9 to 4.12.8 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.8) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express-rate-limit dependency-version: 8.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express-rate-limit dependency-version: 8.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.8 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 22, 2026

dependabot bot mentioned this pull request Mar 22, 2026

build(deps): Bump qs from 6.14.1 to 6.14.2 in the npm_and_yarn group across 1 directory #3

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump the npm_and_yarn group across 2 directories with 5 updates#7

build(deps): Bump the npm_and_yarn group across 2 directories with 5 updates#7
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-f473f7466c

dependabot bot commented on behalf of github Mar 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 22, 2026

v1.19.11

What's Changed

v1.19.10

Security Fix

v8.18.0

What's Changed

New Contributors

v8.3.1

v8.3.0

v4.12.8

What's Changed

New Contributors

v4.12.7

Security hardening

v4.12.6

What's Changed

New Contributors

v4.12.5

What's Changed

New Contributors

v4.12.4

Security fixes

6.15.0

6.14.2

v1.19.11

What's Changed

v1.19.10

Security Fix

v8.3.1

v8.3.0

v4.12.8

What's Changed

New Contributors

v4.12.7

Security hardening

v4.12.6

What's Changed

New Contributors

v4.12.5

What's Changed

New Contributors

v4.12.4

Security fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants