Skip to content

fix: resolve open dependabot security alerts#567

Open
jonathannorris wants to merge 4 commits intomainfrom
fix/dependabot-alerts
Open

fix: resolve open dependabot security alerts#567
jonathannorris wants to merge 4 commits intomainfrom
fix/dependabot-alerts

Conversation

@jonathannorris
Copy link
Copy Markdown
Member

@jonathannorris jonathannorris commented Apr 22, 2026
edited
Loading

Summary

Resolved 3 open Dependabot security alerts by bumping vulnerable dependencies.

Dependabot Alerts Resolved

Alert Package Severity Fix
#197 hono medium Bumped to ^4.12.14 via yarn resolution
#196 hono medium Bumped direct dep in mcp-worker to 4.12.14
#195 follow-redirects medium Bumped to ^1.16.0 via yarn resolution

@jonathannorris
fix: resolve open dependabot security alerts
628a503 
- hono 4.12.12 -> 4.12.14 (medium, alerts #196, #197)
- follow-redirects -> 1.16.0 via resolution (medium, alert #195)
Copilot AI review requested due to automatic review settings April 22, 2026 19:43
@jonathannorris jonathannorris requested a review from a team as a code owner April 22, 2026 19:43
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Apr 22, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs		 devcycle-mcp-server f9d6153 Apr 23 2026, 05:28 PM

Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Resolves Dependabot security alerts by bumping/pinning vulnerable Node dependencies across the Yarn workspace, ensuring the updated versions are enforced via resolutions and reflected in the lockfile.

Changes:

  • Bump hono to 4.12.14 (workspace + root resolution) to address reported vulnerabilities.
  • Pin follow-redirects to 1.16.0 via Yarn resolutions.
  • Update yarn.lock to reflect the resolved versions/checksums.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
yarn.lock Updates locked versions/checksums for hono and follow-redirects per the new resolutions.
package.json Adjusts root resolutions to enforce hono@4.12.14 and follow-redirects@1.16.0.
mcp-worker/package.json Bumps direct hono dependency to 4.12.14 in the worker workspace.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jonathannorris jonathannorris enabled auto-merge (squash) April 23, 2026 15:09
Copilot AI review requested due to automatic review settings April 23, 2026 16:19
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json Outdated
Comment thread package.json
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonathannorris