chore(deps): bump the mcp-dependencies group across 1 directory with 3 updates #85

Merged: admin-raintree merged 2 commits into main from dependabot/bun/mcp/mcp-dependencies-c1776776e4 on Jun 24, 2026

dependabot Bot commented on behalf of github Jun 19, 2026

Bumps the mcp-dependencies group with 3 updates in the /mcp directory: hono, openai and pg.

Updates hono from 4.12.25 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx / hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates openai from 6.39.1 to 6.44.0

Release notes

Sourced from openai's releases.

v6.44.0

6.44.0 (2026-06-17)

Full Changelog: v6.43.0...v6.44.0

Features

  • api: update OpenAPI spec or Stainless config (d05bdbc)

v6.43.0

6.43.0 (2026-06-16)

Full Changelog: v6.42.0...v6.43.0

Bug Fixes

  • fix TS to use main (dc5078b)
  • restore pnpm repo configuration on next (c2575d6)

Chores

Build System

v6.42.0

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

  • api: responses.moderation and chat_completions.moderation (6d8f592)

v6.41.0

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

  • api: Add Amazon Bedrock Responses support (#1899) (535b045)

v6.40.0

... (truncated)

Changelog

Sourced from openai's changelog.

6.44.0 (2026-06-17)

Full Changelog: v6.43.0...v6.44.0

Features

  • api: update OpenAPI spec or Stainless config (d05bdbc)

6.43.0 (2026-06-16)

Full Changelog: v6.42.0...v6.43.0

Bug Fixes

  • fix TS to use main (dc5078b)
  • restore pnpm repo configuration on next (c2575d6)

Chores

Build System

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

  • api: responses.moderation and chat_completions.moderation (6d8f592)

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

  • api: Add Amazon Bedrock Responses support (#1899) (535b045)

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

... (truncated)

Commits

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

Commits
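
The hono release notes quoted above describe the hono/aws-lambda adapter de-duplicating repeated header values by substring instead of exact match. The following is an added example, not code from hono or from this pull request: a simplified model of merging an API Gateway v1 event's `headers` and `multiValueHeaders`, with the substring test beside the exact-match test and a `droppedValues` check that can serve as a regression test. All function names and the sample event are constructed for illustration.

```javascript
// Added illustration, not hono's adapter code: a simplified model of merging
// the `headers` and `multiValueHeaders` fields of an API Gateway v1 event.

// Constructed sample event in which X-Forwarded-For carries two values.
const sampleEvent = {
  headers: { 'x-forwarded-for': '203.0.113.10' },
  multiValueHeaders: { 'x-forwarded-for': ['203.0.113.10', '203.0.113.1'] },
}

// Substring test: '203.0.113.1' counts as present inside '203.0.113.10'.
const bySubstring = (current, value) => current.join(', ').includes(value)
// Exact-match test: only an identical value counts as a duplicate.
const byExactMatch = (current, value) => current.includes(value)

// Merge both header sources into Map<lowercased name, string[]>, skipping a
// multi-value entry when `alreadyPresent` reports it as a duplicate.
function mergeHeaders(event, alreadyPresent) {
  const merged = new Map()
  for (const [name, value] of Object.entries(event.headers ?? {})) {
    if (value != null) merged.set(name.toLowerCase(), [value])
  }
  for (const [name, values] of Object.entries(event.multiValueHeaders ?? {})) {
    const key = name.toLowerCase()
    for (const value of values ?? []) {
      const current = merged.get(key) ?? []
      if (!alreadyPresent(current, value)) merged.set(key, [...current, value])
    }
  }
  return merged
}

// Regression check: distinct values the client sent for `name` that are
// missing after the merge. An empty array means nothing was lost.
function droppedValues(event, name, alreadyPresent) {
  const key = name.toLowerCase()
  const kept = mergeHeaders(event, alreadyPresent).get(key) ?? []
  const sent = Object.entries(event.multiValueHeaders ?? {})
    .filter(([n]) => n.toLowerCase() === key)
    .flatMap(([, values]) => values ?? [])
  return [...new Set(sent)].filter((value) => !kept.includes(value))
}

console.log(droppedValues(sampleEvent, 'X-Forwarded-For', bySubstring))  // [ '203.0.113.1' ]
console.log(droppedValues(sampleEvent, 'X-Forwarded-For', byExactMatch)) // []
```

Running `droppedValues` over captured events from your own gateway, against whatever merge logic sits in front of an IP-based check, shows whether any forwarded address is lost before the check sees it.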

dependabot Bot commented on behalf of github Jun 19, 2026

Labels

The following labels could not be found: mcp. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel Bot commented Jun 19, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docpull | Ready | Preview, Comment | Jun 24, 2026 8:46pm |

socket-security Bot commented Jun 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

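| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | npm/openai@6.39.1 ⏵ 6.44.0 | 78 +9 | 100 | 100 +1 | 100 | 100 |
| Updated | npm/pg@8.21.0 ⏵ 8.22.0 | 99 +1 | 100 | 100 +1 | 91 | 100 |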

View full report

dependabot Bot force-pushed the dependabot/bun/mcp/mcp-dependencies-c1776776e4 branch from b089d32 to 4050904 (June 22, 2026 16:01)
…3 updates

Bumps the mcp-dependencies group with 3 updates in the /mcp directory: [hono](https://github.com/honojs/hono), [openai](https://github.com/openai/openai-node) and [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg).


Updates `hono` from 4.12.25 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.25...v4.12.27)

Updates `openai` from 6.39.1 to 6.44.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/main/CHANGELOG.md)
- [Commits](openai/openai-node@v6.39.1...v6.44.0)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mcp-dependencies
- dependency-name: openai
  dependency-version: 6.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mcp-dependencies
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mcp-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/bun/mcp/mcp-dependencies-c1776776e4 branch from 4050904 to 4110d87 (June 24, 2026 16:35)

admin-raintree merged commit cf0aae5 into main Jun 24, 2026

20 checks passed

admin-raintree deleted the dependabot/bun/mcp/mcp-dependencies-c1776776e4 branch June 24, 2026 20:50