Skip to content

Commit 933a94b

Browse files
tobyhedetobyhede
committed
fix(hono-supabase): bump hono to >=4.11.4 for CVE-2026-22817/22818
Addresses JWT/JWK/JWKS algorithm confusion vulnerabilities (CVSS 8.2). While the JWT middleware is not used in this example, the version constraint is updated to satisfy security SLA requirements.
1 parent 82eb85c commit 933a94b

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

examples/hono-supabase/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
"@hono/node-server": "^1.13.7",
1111
"@supabase/supabase-js": "^2.47.10",
1212
"dotenv": "^16.4.7",
13-
"hono": "^4.6.15"
13+
"hono": "^4.11.4"
1414
},
1515
"devDependencies": {
1616
"@types/node": "^20.11.17",

pnpm-lock.yaml

Lines changed: 8 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)