UI5 / webcomponents-react / 27935190777
85%

DEFAULT BRANCH: main
Ran
Jobs 7
Files 205
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.49% (+0.008%) from 85.482%
27935190777

push

github

web-flow 
chore(deps): bump hono from 4.12.23 to 4.12.25 (#8702)

Bumps [hono](https://github.com/honojs/hono) from 4.12.23 to 4.12.25.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.25</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>CORS Middleware reflects any Origin with credentials when
<code>origin</code> defaults to the wildcard</h3>
<p>Affects: <code>hono/cors</code>. Fixes the wildcard origin reflecting
the request <code>Origin</code> and sending
<code>Access-Control-Allow-Credentials: true</code> when
<code>credentials: true</code> is set without an explicit
<code>origin</code>, where any site a logged-in user visited could make
credentialed cross-origin requests and read responses from
cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc</p>
<h3>Body Limit Middleware can be bypassed on AWS Lambda by understating
<code>Content-Length</code></h3>
<p>Affects: <code>hono/body-limit</code> on AWS Lambda
(<code>hono/aws-lambda</code>, <code>hono/lambda-edge</code>). Fixes the
request being built with the client-declared <code>Content-Length</code>
while the body is delivered fully buffered, where a client could declare
a small <code>Content-Length</code> with a much larger body and slip
past the configured size limit. GHSA-rv63-4mwf-qqc2</p>
<h3>Path traversal in <code>serve-static</code> on Windows via encoded
backslash (<code>%5C</code>)</h3>
<p>Affects: <code>serveStatic</code> on Windows (Node, Bun, Deno
adapters). Fixes the path guard allowing a lone backslash, where an
encoded backslash (<code>%5C</code>) decoded to <code>\</code> was
treated as a separator by the Windows path resolver, letting a single
URL segment escape into a middleware-guarded subtree.
GHSA-wwfh-h76j-fc44</p>
<h3>AWS Lambda adapter merges multiple <code>Set-Cookie</code> headers
into one value, dropping cookies... (continued)

4085 of 5146 branches covered (79.38%)

Branch coverage included in aggregate %.

7027 of 7852 relevant lines covered (89.49%)

323143.39 hits per line

Subprojects
ID Flag name Job ID Ran Files Coverage
1 compat 27935190777.1 148
11.11
 GitHub Action Run
2 playwright 27935190777.2 62
84.83
 GitHub Action Run
3 main/src/components 27935190777.3 140
79.89
 GitHub Action Run
4 cypress-commands 27935190777.4 140
8.46
 GitHub Action Run
5 main/src/internal 27935190777.5 140
8.53
 GitHub Action Run
6 base 27935190777.6 140
9.49
 GitHub Action Run
7 main/src/webComponents 27935190777.7 140
7.22
 GitHub Action Run
Source Files on build 27935190777