Skip to content

fix(deps): bump hono to ^4.12.7 (GHSA-v8w9-8mx6-g223)#308

Merged
wrsmith108 merged 1 commit intomainfrom
fix/dependabot-38-hono-prototype-pollution
Mar 12, 2026
Merged

fix(deps): bump hono to ^4.12.7 (GHSA-v8w9-8mx6-g223)#308
wrsmith108 merged 1 commit intomainfrom
fix/dependabot-38-hono-prototype-pollution

Conversation

@wrsmith108
Copy link
Member

@wrsmith108 wrsmith108 commented Mar 12, 2026

Summary

Resolves https://github.com/smith-horn/skillsmith/security/dependabot/38

Test plan

  • npm ls hono confirms 4.12.7
  • Build passes
  • Pre-commit checks pass (typecheck, lint, format)
  • Pre-push security tests pass
  • CI green

🤖 Generated with claude-flow

@wrsmith108 @ruvnet @claude
fix(deps): bump hono override to ^4.12.7 (GHSA-v8w9-8mx6-g223)
23ab9ba 
Resolves Dependabot alert #38 — prototype pollution via parseBody({ dot: true }).
Not exploitable in Skillsmith (we don't use parseBody), but patching the transitive
dependency through @modelcontextprotocol/sdk to eliminate the advisory.

Co-Authored-By: claude-flow <ruv@ruv.net>
Co-Authored-By: Claude <noreply@anthropic.com>
@wrsmith108 wrsmith108 merged commit 3f49a46 into main Mar 12, 2026
9 of 10 checks passed
@github-actions
Copy link

github-actions bot commented Mar 12, 2026

Performance Benchmark Results

╔═══════════════════════════════════════════════════════════════╗
║ SMI-1537: V3 Migration Performance Benchmarks ║
╠═══════════════════════════════════════════════════════════════╣
║ Memory Operations: 40x target ║
║ Embedding Search: 150x target ║
║ Recommendation Pipeline: 4x target ║
╚═══════════════════════════════════════════════════════════════╝

Running 50 iterations with 10 warmup...

--- Memory Operations ---

--- Embedding Search ---
Indexing 10K vectors... done

--- Recommendation Pipeline ---
Initializing recommendation pipeline with 1000 skills... done

═══════════════════════════════════════════════════════════════

V3 Migration Benchmark Report

Date: 2026-03-12T06:12:21.505Z
Node.js: v22.22.1

Results

Operation V2 Baseline V3 Result Speedup Target Status
Memory Store 200ms 0.00ms 183150x 40x
Memory Get 150ms 0.00ms 282486x 40x
Memory Delete 180ms 0.00ms 332717x 40x
Embedding Search (10K vectors) 500ms 0.13ms 3924x 150x
Recommendation Pipeline 800ms 0.22ms 3644x 4x

Summary

  • Total Benchmarks: 5
  • Passed: 5
  • Failed: 0
  • All Targets Met: ✅ Yes

Notes

  • V2 baselines are from pre-migration measurements (simulated for this benchmark)
  • Target threshold includes 20% tolerance for environmental variance
  • Memory operations use in-memory Map (real V3 uses optimized SQLite)
  • Embedding search simulates HNSW algorithm efficiency (real V3 uses onnxruntime-node)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wrsmith108