chore: fix security vulnerabilities via npm audit fix #149

Merged
mattpodwysocki merged 1 commit into main from chore/update-dependencies
Mar 20, 2026

@mattpodwysocki
Contributor

Summary

Runs npm audit fix to address 3 high severity vulnerabilities flagged by Dependabot:

| Package | Vulnerability | Severity |
| --- | --- | --- |
| @hono/node-server < 1.19.10 | Authorization bypass for protected static paths via encoded slashes | High |
| @modelcontextprotocol/sdk 1.10.0–1.25.3 | Cross-client data leak via shared server/transport instance reuse | High |
| hono <= 4.12.6 | JWT algorithm confusion, XSS via ErrorBoundary component | High |

Only package-lock.json changed — no code changes.

Test plan

  • All 612 tests pass

🤖 Generated with Claude Code

Addresses 3 high severity vulnerabilities:
- @hono/node-server < 1.19.10 (authorization bypass via encoded slashes)
- @modelcontextprotocol/sdk 1.10.0–1.25.3 (cross-client data leak)
- hono <= 4.12.6 (JWT algorithm confusion, XSS)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mattpodwysocki mattpodwysocki requested a review from a team as a code owner March 17, 2026 23:27
@mattpodwysocki mattpodwysocki merged commit ecd12c3 into main Mar 20, 2026
5 checks passed
@mattpodwysocki mattpodwysocki deleted the chore/update-dependencies branch March 20, 2026 14:52
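
Because the change is confined to package-lock.json, one way to confirm the result is to walk the lockfile and flag any resolved copy of the three packages, nested copies included, that still falls inside the ranges in the table. This is an added example, not code from this repository; the function names and the sample lockfile are constructed, and version comparison is simplified to plain x.y.z.

```javascript
// Vulnerable ranges copied from the PR description; a null bound means "no lower bound".
const VULNERABLE = {
  "@hono/node-server": { min: null, max: "1.19.10", maxInclusive: false },
  "@modelcontextprotocol/sdk": { min: "1.10.0", max: "1.25.3", maxInclusive: true },
  "hono": { min: null, max: "4.12.6", maxInclusive: true },
};

// Compare plain x.y.z versions numerically; prerelease/build suffixes are ignored (simplification).
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function inRange(version, { min, max, maxInclusive }) {
  if (min !== null && cmp(version, min) < 0) return false;
  const c = cmp(version, max);
  return maxInclusive ? c <= 0 : c < 0;
}

// Walk lockfileVersion 2/3 "packages" keys, including nested node_modules copies.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // skip the root project and workspace entries
    const name = path.slice(idx + "node_modules/".length);
    const range = VULNERABLE[name];
    if (range && inRange(entry.version, range)) hits.push({ path, name, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile (not the repository's real package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/hono": { version: "4.12.7" },
    "node_modules/@hono/node-server": { version: "1.19.10" },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.26.0" },
    "node_modules/some-dep/node_modules/hono": { version: "4.12.6" },
  },
};
console.log(findVulnerable(sampleLock));
```

In the sample, the top-level entries are outside the listed ranges, but a nested copy of hono pinned under another dependency is still reported, which is the case a top-level version check misses.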