Updating Hono & @modelcontextprotocol/sdk dependency versions #49
Conversation
| "drizzle-orm": "0.41.0", | ||
| "hono": "4.7.5", | ||
| "hono": "4.10.3", | ||
| "opencontrol": "npm:opencontrol@0.1.0" |
There was a problem hiding this comment.
would this need updated to
"opencontrol": "workspace:*" / latest version?
|
would core sst package need version bumped from |
|
Can we get this merged? What are the incompatibilities with hono 4.10 that are slowing this down? |
|
matthew-heath
changed the title
|
i'm commited to fixing the security vulnerability in SST for this we need to release a new version of Opencode and then update it on SST i'm trying your branch @matthew-heath and i get the following error when trying to run the how have you tested the change? i'm not as familiar with this codebase as with the SST one so if anyone can help me test this i will forward it to the core team |
Hey @vimtor, thanks for your reply. I have just re-visited this, updating 
|
vimtor
left a comment
vimtor
left a comment
There was a problem hiding this comment.
working!
i'll push to get this merged and released by next week
|
@vimtor Any updates on this? Would be great to get this merged to fix the various vulnerabilities in SST |
|
@niclaszllaudi waiting on the core team, probably getting merged this week |
6 participants
As per #48 / anomalyco/sst#6190, this PR intends to update the version of Hono to use patched version.
This also addresses #51.
Vulnerabilities:
high: Hono Improper Authorization vulnerability - GHSA-m732-5p4w-x69g
high: @modelcontextprotocol/sdk - GHSA-w48q-cv73-mx4w
moderate: Hono has Body Limit Middleware Bypass - GHSA-92vj-g62v-jqhh
moderate: Hono vulnerable to Vary Header Injection leading to potential CORS Bypass - GHSA-q7jf-gf43-6x6p