@dependabot dependabot bot commented on behalf of github Oct 8, 2025

Bumps hono to 4.9.7 and updates ancestor dependency @redocly/realm. These dependencies need to be updated together.

Updates hono from 4.6.5 to 4.9.7

Release notes

Sourced from hono's releases.

v4.9.7

Security

  • Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.9.6...v4.9.7

v4.9.6

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

Full Changelog: honojs/hono@v4.9.5...v4.9.6

v4.9.5

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.9.4...v4.9.5

v4.9.4

What's Changed

... (truncated)

Commits

Updates @redocly/realm from 0.122.3 to 0.126.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [hono](https://github.com/honojs/hono) to 4.9.7 and updates ancestor dependency @redocly/realm. These dependencies need to be updated together.


Updates `hono` from 4.6.5 to 4.9.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.6.5...v4.9.7)

Updates `@redocly/realm` from 0.122.3 to 0.126.0

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.9.7
  dependency-type: indirect
- dependency-name: "@redocly/realm"
  dependency-version: 0.126.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 8, 2025
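
Added example, not part of this PR or of Dependabot's output: because `hono` is an indirect dependency here, more than one copy can be installed, so this checks every resolved copy in a lockfile against the patched 4.9.7 from the release notes. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3; the sample lockfile is constructed, and `some-tool` and `@scope/hono` are hypothetical package names.

```javascript
// Audit a parsed package-lock.json for installed hono copies older than the patched release.
const PATCHED = "4.9.7"; // version named in the release notes quoted in this PR

// Compare two x.y.z versions; returns <0, 0 or >0.
// Assumption: any pre-release suffix ("-rc.1") is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every installed copy of `name` whose version is below `minVersion`.
// Keys of lock.packages look like "node_modules/a/node_modules/hono".
function findOutdated(lock, name, minVersion) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version) continue; // root project entry or link without a version
    if (compareVersions(meta.version, minVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: the top-level copy is patched, a nested copy is still 4.6.5.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site", dependencies: { "@redocly/realm": "0.126.0" } },
    "node_modules/@redocly/realm": { version: "0.126.0" },
    "node_modules/hono": { version: "4.9.7" },
    "node_modules/some-tool/node_modules/hono": { version: "4.6.5" },
    "node_modules/@scope/hono": { version: "1.0.0" }, // different package, must not match
  },
};

console.log(findOutdated(sampleLock, "hono", PATCHED));
```

For a real project, pass the result of `JSON.parse` on the lockfile contents instead of `sampleLock`.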

@mDuo13 mDuo13 left a comment


The site doesn't currently build with Redocly 0.126.0.

Nazarii Mykhailets and others added 2 commits October 9, 2025 13:01

mDuo13 commented Oct 9, 2025

After merging in #3348, the site builds, but the dev server startup is much slower than it used to be (almost 2 minutes vs under 30 seconds). I've asked Redocly what we can do about that, so I'll be holding off on this upgrade at least until I hear back.


mDuo13 commented Oct 21, 2025

The performance issues appear to be specific to rotational HDDs, not SSDs, so we will merge this if @amarantha-k can provide a second confirmation that it runs fine.

(The build failure is a dependabot-specific permissions issue and not a real problem.)
