chore(deps): bump the production-dependencies group across 1 directory with 4 updates#27
Conversation
…y with 4 updates Bumps the production-dependencies group with 4 updates in the / directory: [@hono/zod-validator](https://github.com/honojs/middleware/tree/HEAD/packages/zod-validator), [hono](https://github.com/honojs/hono), [yaml](https://github.com/eemeli/yaml) and [zod](https://github.com/colinhacks/zod). Updates `@hono/zod-validator` from 0.7.6 to 0.8.0 - [Release notes](https://github.com/honojs/middleware/releases) - [Changelog](https://github.com/honojs/middleware/blob/main/packages/zod-validator/CHANGELOG.md) - [Commits](https://github.com/honojs/middleware/commits/@hono/zod-validator@0.8.0/packages/zod-validator) Updates `hono` from 4.12.12 to 4.12.18 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.12...v4.12.18) Updates `yaml` from 2.8.3 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.3...v2.8.4) Updates `zod` from 4.3.6 to 4.4.3 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.3.6...v4.4.3) --- updated-dependencies: - dependency-name: "@hono/zod-validator" dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: hono dependency-version: 4.12.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: yaml dependency-version: 2.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: zod dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
There was a problem hiding this comment.
Pull Request Overview
The PR diff is currently empty, meaning the intended dependency updates are not present in the codebase. Furthermore, the proposed updates to Zod and Hono include security patches and stricter validation rules that lack corresponding test verification. These gaps represent a major logic risk and must be addressed before the PR is considered for merging.
About this PR
- The PR diff is currently empty. The requested dependency updates are not reflected in the code changes. Please ensure the lockfile and package manifest are updated and committed.
- The update to the validation library introduces stricter rules that may cause regressions. Existing schemas should be verified against the new library logic to ensure consistency and prevent unexpected validation failures.
Test suggestions
- Verify that zod-validator correctly surfaces 400 errors for invalid requests and propagates them to the RPC schema.
- Validate application behavior with updated Hono security patches for JWT verification and Cache middleware.
- Check existing Zod schemas for potential regressions due to stricter validation rules.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify that zod-validator correctly surfaces 400 errors for invalid requests and propagates them to the RPC schema.
2. Validate application behavior with updated Hono security patches for JWT verification and Cache middleware.
3. Check existing Zod schemas for potential regressions due to stricter validation rules.
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
Up to standards ✅🟢 Issues
|
|



Bumps the production-dependencies group with 4 updates in the / directory: @hono/zod-validator, hono, yaml and zod.
Updates
@hono/zod-validatorfrom 0.7.6 to 0.8.0Release notes
Sourced from @hono/zod-validator's releases.
Changelog
Sourced from @hono/zod-validator's changelog.
Commits
a08b023Version Packages (#1887)e90e4fbfeat(zod-validator): surface the default 400 on the no-hook overload and keep...e762ac0feat(eslint): ignoring variables and parameters prefixed with_(#1772)475cd12chore: update typescript to5.9.3(#1741)96ae310chore: update Zod/Valibot import examples to use namespace imports in docs an...fbec266chore(deps-dev): bump hono from 4.11.3 to 4.11.4 (#1710)c7edf1echore(deps-dev): upgrade@cloudflare/vitest-pool-workersandvitest(#1714)03a28c5fix: less strict template expressions (#1681)1f8372echore(typescript): add@tsconfig/strictest(#1679)49db969chore(eslint): update suppressions (#1678)Updates
honofrom 4.12.12 to 4.12.18Release notes
Sourced from hono's releases.
... (truncated)
Commits
f10dee84.12.18a5bd9ebMerge commit from fork58d3d3aMerge commit from fork568c2ecMerge commit from forkff2b3d34.12.1752aaaf9fix(types): propagate middleware response types to app.on overloads (#4906)76d5589fix(cors): make origin optional in CORSOptions (#4905)8f027e5fix(ssg): addatom+xmlandrss+xmltodefaultExtensionMap(#4899)bfba97cfix(jsx): normalize SVG attributes on the <svg> root element (#4893)90d41824.12.16Updates
yamlfrom 2.8.3 to 2.8.4Release notes
Sourced from yaml's releases.
Commits
ccdf7432.8.4f625789fix: Disable alias resolution with maxAliasCount:0 (#677)e1a1a77fix: Handle invalid unicode escapesa163ea0style: Satify Prettierb2a5a6cfix: Apply minFractionDigits only to decimal strings (#676)93c951bchore: Bump JSR version to v2.8.3 (#673)0f226a3docs: Add trailingComma ToString optionUpdates
zodfrom 4.3.6 to 4.4.3Release notes
Sourced from zod's releases.
... (truncated)
Commits
1fb56a5docs: document release procedure in AGENTS.mdf3c9ec04.4.3c2be4f8fix(v4): generalize optin/fallback to transform; restore preprocess on absent...1cab693fix(v4): restore catch handling for absent object keys (#5937) (#5939)b8dffe9docs: remove Numeric and Speakeasy (2+ missed monthly cycles)9195250docs: remove Mintlify from bronze sponsors (churned)2c70332docs: normalize bronze sponsor logos to github avatar pattern7391be8docs: prune lapsed silver/bronze sponsors and add active ones2aeec83docs: prune lapsed gold sponsors and rebalance logo sizing4c2fa95docs: use Zernio primary wordmark for gold sponsor logoMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsSummary by cubic
Upgrade production server deps to pick up security fixes and improved validation typing:
@hono/zod-validator0.8,hono4.12.18,yaml2.8.4, andzod4.4.3.@hono/zod-validator0.8.0: surfaces typed 400 JSON failures; requireshono≥ 4.10.hono4.12.18: security fixes (cache Vary handling, JSX style escaping, JWT claim checks) and minor type fixes.zod4.4.3: stricter validation and preprocessing fixes; may reveal previously hidden validation issues.yaml2.8.4: fixes for alias resolution and invalid unicode escapes.Written for commit 5ef4aca. Summary will update on new commits.