24130247230
82%

Ran 08 Apr 2026 10:20AM UTC

Jobs 8

Files 431

Run time 1min

Badge

Embed ▾

Committed 08 Apr 2026 10:06AM UTC coverage: 82.302% (-0.02%) from 82.323%

Build # 24130247230

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): bump hono from 4.12.8 to 4.12.12 (#8454)

Bumps [hono](https://github.com/honojs/hono) from 4.12.8 to 4.12.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.12</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>Middleware bypass via repeated slashes in serveStatic</h3>
<p>Affects: Serve Static middleware. Fixes a path normalization
inconsistency where repeated slashes (<code>//</code>) could bypass
route-based middleware protections and allow access to protected static
files. GHSA-wmmm-f939-6g9c</p>
<h3>Path traversal in toSSG() allows writing files outside the output
directory</h3>
<p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a
path traversal issue where crafted <code>ssgParams</code> values could
write files outside the configured output directory.
GHSA-xf4j-xp2r-rqqx</p>
<h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6
addresses</h3>
<p>Affects: IP Restriction Middleware. Fixes improper handling of
IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that
could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p>
<h3>Missing validation of cookie name on write path in setCookie()</h3>
<p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and
<code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes
missing validation of cookie names on the write path, preventing
inconsistent handling between parsing and serialization.
GHSA-26pp-8wgv-hjvm</p>
<h3>Non-breaking space prefix bypass in cookie name handling in
getCookie()</h3>
<p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>.
Fixes a discrepancy in cookie name handling that could allow
attacker-controlled cookies to override legitimate ones and bypass
prefix protections. GHSA-r5rp-j6wh-rvv4</p>
<hr />
<p>Users who use Serve Sta... (continued)

Coverage Stats

2618 of 3484 branches covered (75.14%)

Branch coverage included in aggregate %.

5232 of 6054 relevant lines covered (86.42%)

94836.18 hits per line

Coverage Regressions

Lines	Coverage	∆	File
2	74.47	-4.26%	packages/main/src/components/AnalyticalTable/tableReducer/stateReducer.ts

Subprojects

ID	Flag name	Job ID	Ran	Files	Coverage
1	compat	24130247230.1	08 Apr 2026 10:20AM UTC	362	18.67	GitHub Action Run
2	main/src/components	24130247230.2	08 Apr 2026 10:26AM UTC	349	80.31	GitHub Action Run
3	main/src/webComponents	24130247230.3	08 Apr 2026 10:20AM UTC	347	14.44	GitHub Action Run
4	base	24130247230.4	08 Apr 2026 10:21AM UTC	358	17.03	GitHub Action Run
5	playwright	24130247230.5	08 Apr 2026 10:20AM UTC	9	86.98	GitHub Action Run
6	cypress-commands	24130247230.6	08 Apr 2026 10:20AM UTC	347	15.71	GitHub Action Run
7	main/src/internal	24130247230.7	08 Apr 2026 10:20AM UTC	348	15.97	GitHub Action Run
8	charts	24130247230.8	08 Apr 2026 10:22AM UTC	404	26.77	GitHub Action Run

UI5 / webcomponents-react / 24130247230
82%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Subprojects

Source Files on build 24130247230

UI5 / webcomponents-react / 24130247230 82%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Subprojects

Source Files on build 24130247230

UI5 / webcomponents-react / 24130247230
82%

README BADGES
x