Skip to content

chore(deps): bump the prod-minor-patch group across 1 directory with 7 updates#448

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/server/prod-minor-patch-53d48070f6
Open

chore(deps): bump the prod-minor-patch group across 1 directory with 7 updates#448
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/server/prod-minor-patch-53d48070f6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-minor-patch group with 7 updates in the /apps/server directory:

Package From To
@aws-sdk/client-s3 3.1069.0 3.1075.0
@hono/node-server 2.0.5 2.0.6
@pothos/core 4.12.0 4.13.0
@scalar/hono-api-reference 0.11.3 0.11.6
resend 6.12.4 6.16.0
hono 4.12.25 4.12.27
sharp 0.35.1 0.35.2

Updates @aws-sdk/client-s3 from 3.1069.0 to 3.1075.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1075.0

3.1075.0(2026-06-23)

New Features
  • client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (005f9529)

For list of updated packages, view updated-packages.md in assets-3.1075.0.zip

v3.1074.0

3.1074.0(2026-06-22)

Chores
Documentation Changes
New Features
  • clients: update client endpoints as of 2026-06-22 (3a55a333)
  • client-cloudwatch-logs: CloudWatch Logs Updates - New APIs introduced to support syslog ingestion to a log group. For more information, see CloudWatch Logs API documentation. (01a3b513)
  • client-bedrock-agentcore: Adds an optional extractionMode field to CreateEvent. SKIP retains the event in short-term memory but excludes it from long-term memory extraction. (749753ad)
  • client-omics: Adds support for scratch ephemeral storage mounted at tmp (331e3023)
  • client-application-signals: Application Signals now supports dynamic instrumentation and Service Events telemetry. Add instrumentation at runtime without restarts, and use fine-grained profiling data to quickly pinpoint latency and error root causes. (f93b1c03)
  • client-mediaconnect: AWS MediaConnect now supports Content Quality Analysis for Router Inputs, enabling detection of black frames, frozen frames, and silent audio with configurable thresholds. (05054853)
  • client-lambda-core: Initial release of the AWS Lambda Core SDK with APIs to create, manage, and tag network connectors that enable Lambda compute resources to access private resources in your Amazon VPC. (e35cdab8)
  • client-lambda: Add support for tagging Network Connector resources in AWS Lambda. (fbfc4078)
  • client-guardduty: Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps. (83c29839)
  • client-lambda-microvms: Lambda MicroVMs GA launch. Lambda MicroVMs enable isolated and highly responsive execution of user-supplied or LLM-generated code. (5519a7e2)
  • client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (ce7d1bf5)
  • client-quicksight: Updated the Amazon Quick Spaces API to remove unsupported SPACE and ARTIFACT values from the SpaceQuickSightResourceType enum. (e1b325d4)
  • client-ec2: This release adds support for AMI Watermark and Allowed AMIs integration (d1698bed)
  • client-direct-connect: Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. (228a95dc)
Bug Fixes
  • cloudfront-signer: filename asterisk apostrophe encoding fix (#8119) (35acab40)

For list of updated packages, view updated-packages.md in assets-3.1074.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1075.0 (2026-06-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.1074.0 (2026-06-22)

Note: Version bump only for package @​aws-sdk/client-s3

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.1070.0 (2026-06-16)

Features

  • client-s3: Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata. (c555874)
Commits

Updates @hono/node-server from 2.0.5 to 2.0.6

Release notes

Sourced from @​hono/node-server's releases.

v2.0.6

What's Changed

Full Changelog: honojs/node-server@v2.0.5...v2.0.6

Commits
  • ff75c61 2.0.6
  • 814720f fix: preserve status and statusText when cloning a Response with live headers...
  • a76209a ci: use npm Staged publishing (#364)
  • 44c365a ci: publish to npm from CI with OIDC trusted publishing and bump np (#361)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/node-server since your current version.


Updates @pothos/core from 4.12.0 to 4.13.0

Release notes

Sourced from @​pothos/core's releases.

@​pothos/core@​4.13.0

Minor Changes

  • 044520d: Support graphql 17 alongside graphql 16. Peer dependency ranges now accept ^16.10.0 || ^17.0.0, and the library source compiles against both majors. graphql 17 changed a handful of types that Pothos touches: GraphQLNonNull<T> is now constrained to nullable types, GraphQLResolveInfo['variableValues'] became { sources, coerced } (consumed by the complexity plugin via getArgumentValues), and GraphQLArgument is no longer assignable to GraphQLField. Each is handled in a version-agnostic way, with a runtime version branch only where the variableValues shape genuinely differs.

    graphql 17 also moved incremental delivery (@defer/@stream) out of the stable execute, which now throws on any schema that declares those directives. @pothos/test-utils gains a version-aware execute helper that routes through experimentalExecuteIncrementally on 17 and collapses the incremental payloads back into a single result, so defer/stream-aware query planning in the prisma and drizzle plugins is validated identically on both majors.

    scalarType now accepts graphql 17's modern coercion hooks — coerceOutputValue, coerceInputValue, coerceInputLiteral, and valueToLiteral — alongside the existing serialize/parseValue/parseLiteral. These are consulted only on graphql 17+ (graphql 16 continues to use serialize/parseValue/parseLiteral); per graphql's constructor, coerceInputLiteral must be paired with coerceInputValue. serialize is now optional when coerceOutputValue is provided instead (one of the two is required for output).

Changelog

Sourced from @​pothos/core's changelog.

4.13.0

Minor Changes

  • 044520d: Support graphql 17 alongside graphql 16. Peer dependency ranges now accept ^16.10.0 || ^17.0.0, and the library source compiles against both majors. graphql 17 changed a handful of types that Pothos touches: GraphQLNonNull<T> is now constrained to nullable types, GraphQLResolveInfo['variableValues'] became { sources, coerced } (consumed by the complexity plugin via getArgumentValues), and GraphQLArgument is no longer assignable to GraphQLField. Each is handled in a version-agnostic way, with a runtime version branch only where the variableValues shape genuinely differs.

    graphql 17 also moved incremental delivery (@defer/@stream) out of the stable execute, which now throws on any schema that declares those directives. @pothos/test-utils gains a version-aware execute helper that routes through experimentalExecuteIncrementally on 17 and collapses the incremental payloads back into a single result, so defer/stream-aware query planning in the prisma and drizzle plugins is validated identically on both majors.

    scalarType now accepts graphql 17's modern coercion hooks — coerceOutputValue, coerceInputValue, coerceInputLiteral, and valueToLiteral — alongside the existing serialize/parseValue/parseLiteral. These are consulted only on graphql 17+ (graphql 16 continues to use serialize/parseValue/parseLiteral); per graphql's constructor, coerceInputLiteral must be paired with coerceInputValue. serialize is now optional when coerceOutputValue is provided instead (one of the two is required for output).

Commits
  • 475c825 chore: update versions
  • e0c8bd5 feat(core): add graphql 17 scalar coercion hooks; fix incremental execute helper
  • 044520d feat: support graphql 17 alongside graphql 16
  • 37012ca chore: upgrade to TypeScript native preview (tsgo) and Node 24
  • e8c02e5 fix drizzle selection bug and update dependencies
  • af04f62 fix typos
  • See full diff in compare view

Updates @scalar/hono-api-reference from 0.11.3 to 0.11.6

Changelog

Sourced from @​scalar/hono-api-reference's changelog.

0.11.6

0.11.5

0.11.4

Commits

Updates resend from 6.12.4 to 6.16.0

Release notes

Sourced from resend's releases.

v6.15.0

What's Changed

Full Changelog: resend/resend-node@v6.14.0...v6.15.0

v6.14.0

What's Changed

Full Changelog: resend/resend-node@v6.13.0...v6.14.0

v6.13.0

What's Changed

New Contributors

Full Changelog: resend/resend-node@v6.12.4...v6.13.0

Commits

Updates hono from 4.12.25 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc

Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates sharp from 0.35.1 to 0.35.2

Release notes

Sourced from sharp's releases.

v0.35.2

v0.35.2-rc.2

  • TypeScript: Add mediaType to metadata response. #4492

  • Improve WebAssembly fallback detection. #4513

  • Improve code bundler support with stub binaries. #4543

  • Verify GIF effort option is an integer. #4544 @​metsw24-max

  • Verify recomb matrix entries are numbers. #4545 @​metsw24-max

  • TypeScript: Replace namespace with named exports for ESM. #4546

... (truncated)

Commits
  • c9622a3 Release v0.35.2
  • cd4568f Upgrade to sharp-libvips v1.3.1
  • 78390cf Tests: Add font file to prevent font discovery flakiness (#4550)
  • 61210b4 Verify convolve kernel values are numbers (#4549)
  • 1cb27dc Prerelease v0.35.2-rc.2
  • c7606c3 Upgrade to sharp-libvips v1.3.1-rc.0
  • 29d1e9e Prerelease v0.35.2-rc.1
  • bbba0a1 Improve code bundler support with stub binaries
  • ab52866 Bound dilate and erode width to avoid mask-size overflow (#4548)
  • 0f594dd Prerelease v0.35.2-rc.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the prod-minor-patch group across 1 directory with …
264db1c 
…7 updates

Bumps the prod-minor-patch group with 7 updates in the /apps/server directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1069.0` | `3.1075.0` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.6` |
| [@pothos/core](https://github.com/hayes/pothos/tree/HEAD/packages/core) | `4.12.0` | `4.13.0` |
| [@scalar/hono-api-reference](https://github.com/scalar/scalar/tree/HEAD/integrations/hono) | `0.11.3` | `0.11.6` |
| [resend](https://github.com/resend/resend-node) | `6.12.4` | `6.16.0` |
| [hono](https://github.com/honojs/hono) | `4.12.25` | `4.12.27` |
| [sharp](https://github.com/lovell/sharp) | `0.35.1` | `0.35.2` |



Updates `@aws-sdk/client-s3` from 3.1069.0 to 3.1075.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1075.0/clients/client-s3)

Updates `@hono/node-server` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.5...v2.0.6)

Updates `@pothos/core` from 4.12.0 to 4.13.0
- [Release notes](https://github.com/hayes/pothos/releases)
- [Changelog](https://github.com/hayes/pothos/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/hayes/pothos/commits/@pothos/core@4.13.0/packages/core)

Updates `@scalar/hono-api-reference` from 0.11.3 to 0.11.6
- [Release notes](https://github.com/scalar/scalar/releases)
- [Changelog](https://github.com/scalar/scalar/blob/main/integrations/hono/CHANGELOG.md)
- [Commits](https://github.com/scalar/scalar/commits/HEAD/integrations/hono)

Updates `resend` from 6.12.4 to 6.16.0
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.4...v6.16.0)

Updates `hono` from 4.12.25 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.25...v4.12.27)

Updates `sharp` from 0.35.1 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.35.1...v0.35.2)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1075.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: "@pothos/core"
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@scalar/hono-api-reference"
  dependency-version: 0.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: resend
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants