Bump the "dependencies" group with 1 update across multiple ecosystems by dependabot[bot] · Pull Request #66 · patkub/mold-inventory

dependabot · 2026-04-16T10:30:56Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the dependencies group with 24 updates:

Package	From	To
nx	`22.6.4`	`22.6.5`
@auth0/actions	`0.18.0`	`0.19.0`
@vitest/coverage-v8	`4.1.2`	`4.1.4`
auth0-deploy-cli	`8.30.0`	`8.31.0`
vitest	`4.1.2`	`4.1.4`
vitest-mock-extended	`3.1.1`	`4.0.0`
@prisma/adapter-d1	`7.6.0`	`7.7.0`
@prisma/client	`7.6.0`	`7.7.0`
@prisma/client-runtime-utils	`7.6.0`	`7.7.0`
hono	`4.12.10`	`4.12.14`
@cloudflare/vitest-pool-workers	`0.14.1`	`0.14.7`
prettier	`3.8.1`	`3.8.3`
prisma	`7.6.0`	`7.7.0`
typescript-eslint	`8.58.0`	`8.58.2`
wrangler	`4.80.0`	`4.83.0`
@opennextjs/cloudflare	`1.18.0`	`1.19.1`
lucide-react	`1.7.0`	`1.8.0`
react	`19.2.4`	`19.2.5`
react-dom	`19.2.4`	`19.2.5`
baseline-browser-mapping	`2.10.14`	`2.10.19`
globals	`17.4.0`	`17.5.0`
jsdom	`29.0.1`	`29.0.2`
vite	`8.0.3`	`8.0.8`
agents	`0.9.0`	`0.11.0`

Updates nx from 22.6.4 to 22.6.5

Release notes

Sourced from nx's releases.

22.6.5 (2026-04-10)

🚀 Features

core: allow generate command to skip project graph creation (#35170)

core: use CNW variant 1 cloud prompt in nx init (#35155)

core: prompt for setup mode when running nx init in empty git directory (#35226)

misc: lock in CNW cloud prompt A/B winner and add new variants (#35154)

🩹 Fixes

angular: add storybook and playwright as implicit dependencies (#35224)

bundling: bump esbuild for new projects to a version compatible with vite 8 (#35132)

core: clean up legacy .gemini/skills during configure-ai-agents (#35117)

core: copy pnpm install configuration to generated package.json (#35016, #30240)

core: display actual error message when plugin loading fails (#35138, #35137)

core: bump axios to 1.13.5 to resolve CVE-2026-25639 (#35148, #35145)

core: update and pin ejs to 5.0.1 (#35157)

core: misc tui perf fixes (#35187)

core: replace LGPL-licensed @ltd/j-toml with BSD-3-Clause smol-toml (#35188)

core: kill discrete tasks and use tree-kill for batch cleanup on SIGINT (#35175)

core: support cross-file variable references in .env files (#34956, #34955)

core: disable Yarn scripts for temp nx@latest installs (#35210)

core: use fresh package manager cache for e2e tests (#35211)

core: prevent phantom connections and dead polling in plugin workers (#34823, #34388)

core: add prettier config inputs to astro-docs format target (#35222)

core: add vale-changed.mjs script to vale target inputs (41a71dd97d)

core: add missing build inputs for angular-rspack example projects (d71dcc6a9a)

core: add run-native-target script input to dotnet build-analyzer (#35221)

core: overwrite inferred script target when nx prop defines executor or command (#35227)

core: update cleanup mock to match async signature in package-json spec (c9d51d31f9)

gradle: prevent Gradle and Maven daemon accumulation during project graph recalculation (#35143)

gradle: use namespace import for tree-kill to match codebase convention (7c4f4af802)

js: resolve ENOWORKSPACES test error in setupVerdaccio for @nx/js:library generator (#34755)

js: include npm overrides in generated lockfile (#35192, #34529)

linter: infer extended tsconfig files as task inputs (#35190)

maven: prevent batch executor hang from premature worker exit (#35001, #34757)

maven: use require for tree-kill to avoid esModuleInterop mismatch between lib and spec configs (8bd4c182ca)

misc: use workspace root for package manager detection and normalize paths in plugins (#35116)

misc: stream Framer proxy responses and add edge function timing (#35215)

misc: bump axios to 1.15.0 for all packages (#35237)

repo: clean Angular CLI restore target before cache copy (#35121)

repo: update issue-notifier.yml (#35178)

❤️ Thank You

Alexandre Ducarne @JiggyJinjo

Claude

Claude Opus 4.6

Claude Opus 4.6 (1M context)

... (truncated)

Commits

c9d51d3 fix(core): update cleanup mock to match async signature in package-json spec
6a32696 feat(core): prompt for setup mode when running nx init in empty git directory...
13d69ef fix(core): overwrite inferred script target when nx prop defines executor or ...
ad59aab chore(repo): fix nx build
875d978 Reapply "fix(core): kill discrete tasks and use tree-kill for batch cleanup o...
468621f Reapply "fix(core): prevent phantom connections and dead polling in plugin wo...
c9bcccb Revert "fix(core): kill discrete tasks and use tree-kill for batch cleanup on...
3a264f4 Revert "fix(core): prevent phantom connections and dead polling in plugin wor...
6e96dab fix(misc): bump axios to 1.15.0 for all packages (#35237)
2df6339 fix(js): include npm overrides in generated lockfile (#35192)
Additional commits viewable in compare view

Updates @auth0/actions from 0.18.0 to 0.19.0

Release notes

Sourced from @auth0/actions's releases.

Release v0.19.0

What's Changed

feat: update Actions types by @auth0-actions-type-automation[bot] in auth0/auth0-actions#21

feat: update Actions types by @auth0-actions-type-automation[bot] in auth0/auth0-actions#24

feat: update Actions types by @auth0-actions-type-automation[bot] in auth0/auth0-actions#22

feat: update Actions types by @auth0-actions-type-automation[bot] in auth0/auth0-actions#25

chore: release v0.19.0 by @github-actions[bot] in auth0/auth0-actions#26

fix: pin NPM to 11.10.0 to work around node issue 62425 by @micahg in auth0/auth0-actions#27

chore: release v0.19.0 by @github-actions[bot] in auth0/auth0-actions#28

Full Changelog: auth0/auth0-actions@v0.18.0...v0.19.0

Commits

9dbfafb Merge pull request #28 from auth0/release/v0.19.0
bead402 chore: bump version to v0.19.0
f5aa359 Merge pull request #27 from auth0/fix/pin-npm-version
349f1c7 fix: pin NPM to 11.10.0 to work around node issue 62425
9571e56 Merge pull request #26 from auth0/release/v0.19.0
cdfebad chore: bump version to v0.19.0
5501101 Merge pull request #25 from auth0/feat/update-action-types-1776094338
ecc44b1 feat: update Actions types
5c8f2af Merge pull request #22 from auth0/feat/update-action-types-1775516498
69db5ba Merge pull request #24 from auth0/feat/update-action-types-1775571097
Additional commits viewable in compare view

Updates @vitest/coverage-v8 from 4.1.2 to 4.1.4

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

   🐞 Bug Fixes

Advance fake timers with expect.poll interval - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10022 (3f5bf)

Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency - by @alan-agius4 in vitest-dev/vitest#10025 (146d4)

Fix defineHelper for webkit async stack trace + update playwright 1.59.0 - by @hi-ogawa in vitest-dev/vitest#10036 (5a5fa)

Fix suite hook throwing errors for unused auto test-scoped fixture - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10035 (39865)

expect:

Remove JestExtendError.context from verbose error reporting - by @hi-ogawa in vitest-dev/vitest#9983 (66751)

Don't leak "runner" types - by @sheremet-va in vitest-dev/vitest#10004 (ec204)

snapshot:

Fix flagging obsolete snapshots for snapshot properties mismatch - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#9986 (6b869)

Export custom snapshot matcher helper from vitest - by @hi-ogawa and Codex in vitest-dev/vitest#10042 (691d3)

ui:

Don't leak vite types - by @sheremet-va in vitest-dev/vitest#10005 (fdff1)

vm:

Fix external module resolve error with deps optimizer query - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10024 (9dbf4)

    View changes on GitHub

Commits

ac04bac chore: release v4.1.4
2dc0d62 chore: release v4.1.3
See full diff in compare view

Updates auth0-deploy-cli from 8.30.0 to 8.31.0

Release notes

Sourced from auth0-deploy-cli's releases.

8.31.0

Added

Add support for is_default on customDomains. #1330

Add AUTH0_EXPORT_ORDERED config property and --export_ordered flag for stable exports. #1335

Fixed

Fix clientGrants matching when multiple grants share the same client_id and audience. #1341

Changelog

Sourced from auth0-deploy-cli's changelog.

[8.31.0] - 2026-04-10

Added

Add support for is_default on customDomains. #1330

Add AUTH0_EXPORT_ORDERED config property and --export_ordered flag for stable exports. #1335

Fixed

Fix clientGrants matching when multiple grants share the same client_id and audience. #1341

Commits

8fe0e28 8.31.0 (#1359)
a34e9ca chore: add CI format check (#1358)
be183e1 feat: Add support for default custom domain and deprecation warning for enabl...
8e4ef6d Fix: client grants incorrectly matched when multiple grants share the same cl...
c00e852 fix(test): e2e test with husky (#1355)
b6e0cd9 fix(package.json): update dependencies and configurations (#1352)
63067c4 chore(package.json): add prepare for husky (#1351)
51264af chore: update AGENTS.md added CLAUDE.md (#1350)
4b7be06 feat: add --export_ordered flag to produce stable JSON exports (#1335)
See full diff in compare view

Updates vitest from 4.1.2 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

   🐞 Bug Fixes

Advance fake timers with expect.poll interval - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10022 (3f5bf)

Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency - by @alan-agius4 in vitest-dev/vitest#10025 (146d4)

Fix defineHelper for webkit async stack trace + update playwright 1.59.0 - by @hi-ogawa in vitest-dev/vitest#10036 (5a5fa)

Fix suite hook throwing errors for unused auto test-scoped fixture - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10035 (39865)

expect:

Remove JestExtendError.context from verbose error reporting - by @hi-ogawa in vitest-dev/vitest#9983 (66751)

Don't leak "runner" types - by @sheremet-va in vitest-dev/vitest#10004 (ec204)

snapshot:

Fix flagging obsolete snapshots for snapshot properties mismatch - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#9986 (6b869)

Export custom snapshot matcher helper from vitest - by @hi-ogawa and Codex in vitest-dev/vitest#10042 (691d3)

ui:

Don't leak vite types - by @sheremet-va in vitest-dev/vitest#10005 (fdff1)

vm:

Fix external module resolve error with deps optimizer query - by @hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10024 (9dbf4)

    View changes on GitHub

Commits

ac04bac chore: release v4.1.4
82c858d chore: Remove no-op function in plugin config logic (#8501)
d4fbb5c feat(experimental): support aria snapshot (#9668)
b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
a120e3a feat(experimental): expose assertion as a public field (#10095)
5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
2dc0d62 chore: release v4.1.3
7827363 feat: add experimental.preParse flag (#10070)
Additional commits viewable in compare view

Updates vitest-mock-extended from 3.1.1 to 4.0.0

Release notes

Sourced from vitest-mock-extended's releases.

v4.0.0

What's Changed

♻️ Switch from eslint to biome by @eratio08 in eratio08/vitest-mock-extended#968

Switch to Vitest v4 by @eratio08 in eratio08/vitest-mock-extended#969

Full Changelog: eratio08/vitest-mock-extended@v3.1.1...v4.0.0

Commits

865c412 Switch to Vitest v4 (#969)
db4e3ab ♻️ Switch from eslint to biome (#968)
See full diff in compare view

Updates @prisma/adapter-d1 from 7.6.0 to 7.7.0

Release notes

Sourced from @prisma/adapter-d1's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.

Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.

Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.

Migrate — Runs prisma migrate dev if the schema contains models.

Generate — Runs prisma generate.

Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage
npx prisma@latest bootstrap
With a starter template
npx prisma@latest bootstrap --template nextjs
Non-interactive (CI)
npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"
Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

Commits

See full diff in compare view

Updates @prisma/client from 7.6.0 to 7.7.0

Release notes

Sourced from @prisma/client's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.

Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.

Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.

Migrate — Runs prisma migrate dev if the schema contains models.

Generate — Runs prisma generate.

Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage
npx prisma@latest bootstrap
With a starter template
npx prisma@latest bootstrap --template nextjs
Non-interactive (CI)
npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"
Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

Commits

6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
See full diff in compare view

Updates @prisma/client-runtime-utils from 7.6.0 to 7.7.0

Release notes

Sourced from @prisma/client-runtime-utils's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.

Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.

Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.

Migrate — Runs prisma migrate dev if the schema contains models.

Generate — Runs prisma generate.

Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage
npx prisma@latest bootstrap
With a starter template
npx prisma@latest bootstrap --template nextjs
Non-interactive (CI)
npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"
Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

Commits

See full diff in compare view

Updates hono from 4.12.10 to 4.12.14

Release notes

Sourced from hono's releases.

v4.12.14

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

fix(aws-lambda): handle invalid header names in request processing (#4883) fa2c74fe

v4.12.13

What's Changed

fix(types): infer response type from last handler in app.on 9-/10-handler overloads by @T4ko0522 in honojs/hono#4865

feat(trailing-slash): add skip option by @yusukebe in honojs/hono#4862

feat(cache): add onCacheNotAvailable option by @yusukebe in honojs/hono#4876

New Contributors

@T4ko0522 made their first contribution in honojs/hono#4865

Full Changelog: honojs/hono@v4.12.12...v4.12.13

v4.12.12

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4

... (truncated)

Commits

cf2d2b7 4.12.14
66daa2e Merge commit from fork
fa2c74f fix(aws-lambda): handle invalid header names in request processing (#4883)
3779927 4.12.13
faa6c46 feat(cache): add onCacheNotAvailable option (#4876)
f23e97b feat(trailing-slash): add skip option (#4862)
1aa32fb fix(types): infer response type from last handler in app.on 9- and 10-handler...
c37ba26 4.12.12
cc067c8 Merge commit from fork
a586cd7 Merge commit from fork
Additional commits viewable in compare view

Updates @cloudflare/vitest-pool-workers from 0.14.1 to 0.14.7

Release notes

Sourced from @cloudflare/vitest-pool-workers's releases.

@cloudflare/vitest-pool-workers@0.14.7

Patch Changes

Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 07a918c, 89c7829, 60565dd, 6cbcdeb, 90aee27]:

miniflare@4.20260415.0

wrangler@4.83.0

@cloudflare/vitest-pool-workers@0.14.6

Patch Changes

Updated dependencies [9b2b6ba]:

wrangler@4.82.2

@cloudflare/vitest-pool-workers@0.14.5

Patch Changes

Updated dependencies [6b11b07, dd4e888]:

wrangler@4.82.1

@cloudflare/vitest-pool-workers@0.14.4

Patch Changes

Updated dependencies [5338bb6, 79fd529, 28bc2be, 4fd138b, bafb96b, c50cb5b, 2589395, 525a46b, 5eff8c1,

Bumps the dependencies group with 24 updates: | Package | From | To | | --- | --- | --- | | [nx](https://github.com/nrwl/nx/tree/HEAD/packages/nx) | `22.6.4` | `22.6.5` | | [@auth0/actions](https://github.com/auth0/auth0-actions) | `0.18.0` | `0.19.0` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.2` | `4.1.4` | | [auth0-deploy-cli](https://github.com/auth0/auth0-deploy-cli) | `8.30.0` | `8.31.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.2` | `4.1.4` | | [vitest-mock-extended](https://github.com/eratio08/vitest-mock-extended) | `3.1.1` | `4.0.0` | | [@prisma/adapter-d1](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-d1) | `7.6.0` | `7.7.0` | | [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `7.6.0` | `7.7.0` | | [@prisma/client-runtime-utils](https://github.com/prisma/prisma/tree/HEAD/packages/client-runtime-utils) | `7.6.0` | `7.7.0` | | [hono](https://github.com/honojs/hono) | `4.12.10` | `4.12.14` | | [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers) | `0.14.1` | `0.14.7` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `7.6.0` | `7.7.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.58.0` | `8.58.2` | | [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.80.0` | `4.83.0` | | [@opennextjs/cloudflare](https://github.com/opennextjs/opennextjs-cloudflare/tree/HEAD/packages/cloudflare) | `1.18.0` | `1.19.1` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.8.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.14` | `2.10.19` | | [globals](https://github.com/sindresorhus/globals) | `17.4.0` | `17.5.0` | | [jsdom](https://github.com/jsdom/jsdom) | `29.0.1` | `29.0.2` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.3` | `8.0.8` | | [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents) | `0.9.0` | `0.11.0` | Updates `nx` from 22.6.4 to 22.6.5 - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/22.6.5/packages/nx) Updates `@auth0/actions` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/auth0/auth0-actions/releases) - [Commits](auth0/auth0-actions@v0.18.0...v0.19.0) Updates `@vitest/coverage-v8` from 4.1.2 to 4.1.4 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/coverage-v8) Updates `auth0-deploy-cli` from 8.30.0 to 8.31.0 - [Release notes](https://github.com/auth0/auth0-deploy-cli/releases) - [Changelog](https://github.com/auth0/auth0-deploy-cli/blob/master/CHANGELOG.md) - [Commits](auth0/auth0-deploy-cli@v8.30.0...v8.31.0) Updates `vitest` from 4.1.2 to 4.1.4 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest) Updates `vitest-mock-extended` from 3.1.1 to 4.0.0 - [Release notes](https://github.com/eratio08/vitest-mock-extended/releases) - [Commits](eratio08/vitest-mock-extended@v3.1.1...v4.0.0) Updates `@prisma/adapter-d1` from 7.6.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/adapter-d1) Updates `@prisma/client` from 7.6.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/client) Updates `@prisma/client-runtime-utils` from 7.6.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/client-runtime-utils) Updates `hono` from 4.12.10 to 4.12.14 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.10...v4.12.14) Updates `@cloudflare/vitest-pool-workers` from 0.14.1 to 0.14.7 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md) - [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vitest-pool-workers@0.14.7/packages/vitest-pool-workers) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.3) Updates `prisma` from 7.6.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/cli) Updates `typescript-eslint` from 8.58.0 to 8.58.2 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.2/packages/typescript-eslint) Updates `wrangler` from 4.80.0 to 4.83.0 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.83.0/packages/wrangler) Updates `@opennextjs/cloudflare` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/opennextjs/opennextjs-cloudflare/releases) - [Changelog](https://github.com/opennextjs/opennextjs-cloudflare/blob/main/packages/cloudflare/CHANGELOG.md) - [Commits](https://github.com/opennextjs/opennextjs-cloudflare/commits/@opennextjs/cloudflare@1.19.1/packages/cloudflare) Updates `lucide-react` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.8.0/packages/lucide-react) Updates `react` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) Updates `react-dom` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) Updates `baseline-browser-mapping` from 2.10.14 to 2.10.19 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.14...v2.10.19) Updates `globals` from 17.4.0 to 17.5.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.4.0...v17.5.0) Updates `jsdom` from 29.0.1 to 29.0.2 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v29.0.1...v29.0.2) Updates `vite` from 8.0.3 to 8.0.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite) Updates `agents` from 0.9.0 to 0.11.0 - [Release notes](https://github.com/cloudflare/agents/releases) - [Changelog](https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md) - [Commits](https://github.com/cloudflare/agents/commits/agents@0.11.0/packages/agents) --- updated-dependencies: - dependency-name: nx dependency-version: 22.6.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@auth0/actions" dependency-version: 0.19.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: auth0-deploy-cli dependency-version: 8.31.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: vitest dependency-version: 4.1.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: vitest-mock-extended dependency-version: 4.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dependencies - dependency-name: "@prisma/adapter-d1" dependency-version: 7.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@prisma/client" dependency-version: 7.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@prisma/client-runtime-utils" dependency-version: 7.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: hono dependency-version: 4.12.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@cloudflare/vitest-pool-workers" dependency-version: 0.14.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: prisma dependency-version: 7.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: typescript-eslint dependency-version: 8.58.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: wrangler dependency-version: 4.83.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@opennextjs/cloudflare" dependency-version: 1.19.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: lucide-react dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: baseline-browser-mapping dependency-version: 2.10.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: globals dependency-version: 17.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: jsdom dependency-version: 29.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: vite dependency-version: 8.0.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: agents dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

patkub · 2026-04-24T20:17:52Z

Needs to be tested as this previously broke. See #64 , #65

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 16, 2026

patkub marked this pull request as draft April 24, 2026 20:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the "dependencies" group with 1 update across multiple ecosystems#66

Bump the "dependencies" group with 1 update across multiple ecosystems#66
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/dependencies-757a83b41c

dependabot Bot commented on behalf of github Apr 16, 2026 •

edited

Loading

Uh oh!

patkub commented Apr 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

22.6.5 (2026-04-10)

🚀 Features

🩹 Fixes

❤️ Thank You

Release v0.19.0

What's Changed

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

8.31.0

Added

Fixed

[8.31.0] - 2026-04-10

Added

Fixed

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.0.0

What's Changed

7.7.0

Highlights

ORM

prisma bootstrap command

Open roles at Prisma

Enterprise support

7.7.0

Highlights

ORM

prisma bootstrap command

Open roles at Prisma

Enterprise support

7.7.0

Highlights

ORM

prisma bootstrap command

Open roles at Prisma

Enterprise support

v4.12.14

Security fixes

Improper handling of JSX attribute names in hono/jsx SSR

Other changes

v4.12.13

What's Changed

New Contributors

v4.12.12

Security fixes

Middleware bypass via repeated slashes in serveStatic

Path traversal in toSSG() allows writing files outside the output directory

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Missing validation of cookie name on write path in setCookie()

Non-breaking space prefix bypass in cookie name handling in getCookie()

@​cloudflare/vitest-pool-workers@​0.14.7

Patch Changes

@​cloudflare/vitest-pool-workers@​0.14.6

Patch Changes

@​cloudflare/vitest-pool-workers@​0.14.5

Patch Changes

@​cloudflare/vitest-pool-workers@​0.14.4

Patch Changes

Uh oh!

patkub commented Apr 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

dependabot Bot commented on behalf of github Apr 16, 2026 •

edited

Loading

`prisma bootstrap` command

`prisma bootstrap` command

`prisma bootstrap` command

`@cloudflare/vitest-pool-workers@0`.14.7

`@cloudflare/vitest-pool-workers@0`.14.6

`@cloudflare/vitest-pool-workers@0`.14.5

`@cloudflare/vitest-pool-workers@0`.14.4