Package depends on vulnerable version of hono

[gadamson-upco]

The version of hono included as a dependency has two open vulnerabilities, one medium severity and one high:

• Hono has Body Limit Middleware Bypass - GHSA-92vj-g62v-jqhh
• Hono Improper Authorization vulnerability - GHSA-m732-5p4w-x69g

Because SST also includes opencontrol, it seems like this impacts all recent versions of SST.

sst@3.17.19
  └─┬ opencontrol@0.0.6
    └── hono@4.7.4

[smith558]

This should be fixed asap. It's now 2 moderate and 1 high severity security vulnerabilities:

• Hono has Body Limit Middleware Bypass - GHSA-92vj-g62v-jqhh
• Hono Improper Authorization vulnerability - GHSA-m732-5p4w-x69g
• Hono vulnerable to Vary Header Injection leading to potential CORS Bypass - GHSA-q7jf-gf43-6x6p

[smith558]

@thdxr high severity vulnerability

[matthew-heath]

New high sev for Hono published last week:

Hono < 4.11.4 - GHSA-3vhc-576x-3qv4

PR here updated to fix.