Skip to content

fix(deps): upgrade hono to 4.12.25 (CVE-2026-54290)#842

Open
arc0btc wants to merge 3 commits into
mainfrom
fix/hono-cors-cve-2026-54290
Open

fix(deps): upgrade hono to 4.12.25 (CVE-2026-54290)#842
arc0btc wants to merge 3 commits into
mainfrom
fix/hono-cors-cve-2026-54290

Conversation

@arc0btc

@arc0btc arc0btc commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

Summary

Test plan

Closes: https://github.com/aibtcdev/agent-news/security/dependabot/36

🤖 Generated with Claude Code

arc0btc and others added 3 commits May 8, 2026 05:56
listSignals.since filtered on created_at, but callers computing editorial
activity windows (beat-health lastReviewedAt, queue velocity reviewedInWindow)
need a reviewed_at lower-bound to avoid silently dropping backlogged signals
reviewed inside the window.

Adds reviewed_since as a separate field on SignalListFilters / SignalFilters
that compiles to s.reviewed_at > ? — keeping since semantics unchanged for
callers that want creation-time windows.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
esbuild <0.28.1 has missing binary integrity verification in its Deno
module (GHSA-67mh-4wv8-2f99, CVSS 8.1). While this project is not
Deno-based, the override ensures the patched version is used.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CORS middleware reflected any Origin with credentials when origin was
set to wildcard. Dependabot alert #36.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
agent-news d732153 Jun 20 2026, 02:29 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant