Commit bf623f8
fix(deps): drop @hono/node-server override to patch GHSA-wc8c-qw6v-h7f6 (#535)
The override pinning @hono/node-server to 1.19.7 was added in 7197610
as a workaround when @modelcontextprotocol/sdk 1.25.3 required ^1.19.9,
which did not yet exist on the public npm registry.
That constraint is now obsolete: the SDK is pinned to 1.25.2 (requires
^1.19.7), and 1.19.8-1.19.11 have since been published. Removing the
override lets npm naturally resolve 1.19.11, which includes the fix for
the HIGH-severity auth bypass in the Serve Static middleware
(GHSA-wc8c-qw6v-h7f6, fixed in 1.19.10).
Lockfile regenerated against registry.npmjs.org (no artifactory URLs).

1 parent 7eb72c7 commit bf623f8
2 files changed
Lines changed: 3 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
124 | 124 | | |
125 | 125 | | |
126 | 126 | | |
127 | | - | |
128 | 127 | | |
129 | 128 | | |
130 | 129 | | |
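Review bot: the deletion at original line 127 leaves nothing in the manifest that keeps @hono/node-server at or above 1.19.10, assuming this is the override entry the commit message describes. The SDK's ^1.19.7 range still admits 1.19.7 through 1.19.9, so the patched version is held only by the lockfile, whose diff is not rendered here. Consider a ranged override such as >=1.19.10 in place of the exact pin, or a CI assertion on the locked version, and confirm that the regenerated lockfile carries no resolved URLs outside registry.npmjs.org.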
0 commit comments
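The commit message makes two claims that can be checked mechanically: the lockfile resolves @hono/node-server to a release at or above 1.19.10, and every tarball comes from registry.npmjs.org. The following is an added example, not code from this repository; `auditLock` and `lockWith` are hypothetical names, the lockfile is assumed to be lockfileVersion 2 or 3, and the artifactory host is a constructed placeholder.

```javascript
// Added example, not the project's code. Inputs are a parsed package.json and a
// parsed package-lock.json (lockfileVersion 2 or 3, which carry a "packages" map).
const PKG = '@hono/node-server';
const FIXED = [1, 19, 10]; // first fixed release per the commit message
const REGISTRY_HOST = 'registry.npmjs.org';

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null; // null for ranges, tags, prereleases
}

function atLeast(v, min) {
  const p = parseVersion(v);
  if (!p) return false; // unparseable versions fail closed
  for (let i = 0; i < 3; i++) if (p[i] !== min[i]) return p[i] > min[i];
  return true;
}

function auditLock(pkgJson, lock) {
  const findings = [];
  const pin = (pkgJson.overrides || {})[PKG];
  // Only exact-version overrides are judged here; ranges are left to the lockfile check.
  if (typeof pin === 'string' && parseVersion(pin) && !atLeast(pin, FIXED)) {
    findings.push(`override pins ${PKG} to ${pin}`);
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (entry.resolved && !entry.link) {
      let host = null;
      try { host = new URL(entry.resolved).host; } catch { /* not a URL */ }
      if (host !== REGISTRY_HOST) findings.push(`${path}: resolved from ${host || entry.resolved}`);
    }
    if (path.endsWith(`node_modules/${PKG}`) && !atLeast(entry.version, FIXED)) {
      findings.push(`${path}: ${PKG}@${entry.version} predates 1.19.10`);
    }
  }
  return findings;
}

// Constructed sample lockfiles (the artifactory host is a made-up placeholder).
const lockWith = (version, host) => ({ packages: { '': { name: 'app' }, [`node_modules/${PKG}`]: {
  version, resolved: `https://${host}/@hono/node-server/-/node-server-${version}.tgz` } } });
const before = auditLock({ overrides: { [PKG]: '1.19.7' } }, lockWith('1.19.7', 'artifactory.example.internal'));
const after = auditLock({}, lockWith('1.19.11', REGISTRY_HOST));
console.log({ before, after });
```

In CI, pass the parsed `package.json` and `package-lock.json` to `auditLock` and fail the job when the returned list is non-empty.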