chore(deps-dev): bump hono from 4.12.14 to 4.12.18 by dependabot[bot] · Pull Request #40686 · microsoft/playwright

dependabot · 2026-05-07T02:15:08Z

Bumps hono from 4.12.14 to 4.12.18.

Release notes

v4.12.18

Security fixes

This release includes fixes for the following security issues:

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm

CSS Declaration Injection via Style Object Values in JSX SSR

Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36

Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.

v4.12.17

What's Changed

fix(jsx): normalize SVG attributes on the root element by @kfly8 in honojs/hono#4893

fix(ssg): add atom+xml and rss+xml to defaultExtensionMap by @yuintei in honojs/hono#4899

fix(cors): make origin optional in CORSOptions by @truffle-dev in honojs/hono#4905

fix(types): propagate middleware response types to app.on overloads by @T4ko0522 in honojs/hono#4906

New Contributors

@kfly8 made their first contribution in honojs/hono#4893

@truffle-dev made their first contribution in honojs/hono#4905

Full Changelog: honojs/hono@v4.12.16...v4.12.17

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

v4.12.15

What's Changed

fix(jwt): support single-line PEM keys by @hiendv in honojs/hono#4889

... (truncated)

Commits

f10dee8 4.12.18
a5bd9eb Merge commit from fork
58d3d3a Merge commit from fork
568c2ec Merge commit from fork
ff2b3d3 4.12.17
52aaaf9 fix(types): propagate middleware response types to app.on overloads (#4906)
76d5589 fix(cors): make origin optional in CORSOptions (#4905)
8f027e5 fix(ssg): add atom+xml and rss+xml to defaultExtensionMap (#4899)
bfba97c fix(jsx): normalize SVG attributes on the <svg> root element (#4893)
90d4182 4.12.16
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [hono](https://github.com/honojs/hono) from 4.12.14 to 4.12.18. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.14...v4.12.18) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.18 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-07T02:40:23Z

Test results for "MCP"

3 failed
❌ [firefox] › mcp/dashboard.spec.ts:159 › save recording streams WebM bytes to the chosen file @mcp-windows-latest-firefox
❌ [firefox] › mcp/test-run.spec.ts:126 › test_run should stop when aborted @mcp-windows-latest-firefox
❌ [msedge] › mcp/test-run.spec.ts:126 › test_run should stop when aborted @mcp-windows-latest-msedge

7012 passed, 1058 skipped

Merge workflow run.

github-actions · 2026-05-07T02:54:45Z

Test results for "tests 1"

3 flaky

⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-ubuntu-22.04-arm-node20`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-ubuntu-22.04-node24`
⚠️ [playwright-test] › ui-mode-test-output.spec.ts:118 › should collapse repeated console messages for test `@windows-latest-node20`

41652 passed, 851 skipped

Merge workflow run.

github-actions · 2026-05-07T03:02:36Z

Test results for "tests others"

18 flaky

⚠️ [electron-page] › page/page-goto.spec.ts:462 › should fail when replaced by another navigation `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:28 › should work with cross-process _blank target `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:36 › should work with _blank target in form `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-request-continue.spec.ts:398 › should respect set-cookie in redirect response `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-route.spec.ts:74 › should not support ? in glob pattern `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-route.spec.ts:169 › should not override cookie header `@electron-ubuntu-latest`
⚠️ [electron-page] › page/page-goto.spec.ts:462 › should fail when replaced by another navigation `@electron-macos-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:28 › should work with cross-process _blank target `@electron-macos-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:36 › should work with _blank target in form `@electron-macos-latest`
⚠️ [electron-page] › page/page-request-continue.spec.ts:398 › should respect set-cookie in redirect response `@electron-macos-latest`
⚠️ [electron-page] › page/page-route.spec.ts:74 › should not support ? in glob pattern `@electron-macos-latest`
⚠️ [electron-page] › page/page-route.spec.ts:169 › should not override cookie header `@electron-macos-latest`
⚠️ [electron-page] › page/page-goto.spec.ts:462 › should fail when replaced by another navigation `@electron-windows-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:28 › should work with cross-process _blank target `@electron-windows-latest`
⚠️ [electron-page] › page/page-navigation.spec.ts:36 › should work with _blank target in form `@electron-windows-latest`
⚠️ [electron-page] › page/page-request-continue.spec.ts:398 › should respect set-cookie in redirect response `@electron-windows-latest`
⚠️ [electron-page] › page/page-route.spec.ts:74 › should not support ? in glob pattern `@electron-windows-latest`
⚠️ [electron-page] › page/page-route.spec.ts:169 › should not override cookie header `@electron-windows-latest`

19691 passed, 651 skipped

Merge workflow run.

github-actions · 2026-05-07T03:54:14Z

Test results for "tests 2"

10 fatal errors, not part of any test
14 failed
❌ [chromium-library] › library/trace-viewer.spec.ts:195 › should filter actions by text @chromium-macos-15-large
❌ [firefox-page] › page/page-emulate-media.spec.ts:196 › should report hover and fine pointer for desktop @firefox-beta-ubuntu-22.04
❌ [firefox-library] › library/capabilities.spec.ts:105 › should support webgl @smoke @firefox-beta-windows-latest
❌ [firefox-page] › page/page-screenshot.spec.ts:321 › page screenshot › should work for webgl @firefox-beta-windows-latest
❌ [firefox-library] › library/browsercontext-reuse.spec.ts:361 › reuse launch › should work with routeWebSocket @firefox-macos-26-large
❌ [firefox-library] › library/client-certificates.spec.ts:867 › browser › persistentContext › should pass with matching certificates @firefox-macos-26-large
❌ [firefox-library] › library/defaultbrowsercontext-1.spec.ts:48 › context.addCookies() should work @firefox-macos-26-large
❌ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:24 › should support hasTouch option @firefox-macos-26-large
❌ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:140 › should create userDataDir if it does not exist @firefox-macos-26-large
❌ [firefox-library] › library/downloads-path.spec.ts:48 › downloads path › should delete downloads when context closes @firefox-macos-26-large
❌ [firefox-library] › library/page-clock.spec.ts:418 › while running › should fastForward @firefox-macos-26-large
❌ [firefox-library] › library/capabilities.spec.ts:105 › should support webgl @smoke @firefox-beta-macos-latest
❌ [firefox-library] › library/capabilities.spec.ts:113 › should support webgl 2 @smoke @firefox-beta-macos-latest
❌ [firefox-page] › page/page-screenshot.spec.ts:321 › page screenshot › should work for webgl @firefox-beta-macos-latest

105 flaky

⚠️ [chromium-library] › library/trace-viewer-scrub.spec.ts:178 › should drag scrubber to select action `@msedge-dev-windows-latest`
⚠️ [chromium-page] › page/page-event-console.spec.ts:255 › should have timestamp in consoleMessages `@msedge-dev-windows-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:173 › launchServer › should ignore page.pause when headed `@chromium-macos-26-large`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:278 › launchServer › disconnected event should be emitted when browser is closed or server is closed `@chromium-tip-of-tree-macos-15--headed`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:358 › launchServer › should reject navigation when browser closes `@chromium-tip-of-tree-macos-15--headed`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:1101 › launchServer only › should be able to reconnect to a browser 12 times without warnings `@chromium-tip-of-tree-macos-15--headed`
⚠️ [chromium-library] › library/trace-viewer.spec.ts:1303 › should update highlight when typing locator `@chromium-tip-of-tree-macos-15`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-ubuntu-24.04`
⚠️ [chromium-library] › library/browsercontext-proxy.spec.ts:103 › should set cookie for top-level domain `@msedge-beta-windows-latest`
⚠️ [chromium-page] › page/workers.spec.ts:63 › should have timestamp on worker console messages `@msedge-beta-windows-latest`
⚠️ [chromium-library] › library/video.spec.ts:275 › screencast › should capture navigation `@channel-chromium-ubuntu-latest`
⚠️ [chromium-page] › page/page-event-console.spec.ts:255 › should have timestamp in consoleMessages `@chromium-tip-of-tree-windows-latest--headed`
⚠️ [chromium-library] › library/browsercontext-user-agent.spec.ts:110 › should work for navigator.userAgentData and sec-ch-ua headers `@msedge-macos-latest`
⚠️ [chromium-library] › library/video.spec.ts:682 › screencast › should capture full viewport on hidpi `@chromium-macos-15-large`
⚠️ [chromium-page] › page/page-wait-for-selector-2.spec.ts:342 › should succeed if element handle was detached while waiting for hidden `@chromium-macos-15-large`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-macos-14-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:647 › screencast › should capture full viewport `@chromium-macos-15-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-macos-15-xlarge`
⚠️ [chromium-library] › library/chromium/connect-over-cdp.spec.ts:639 › should skip default overrides with noDefaults `@msedge-beta-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:141 › launchServer › should be able to reconnect to a browser `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:173 › launchServer › should ignore page.pause when headed `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:358 › launchServer › should reject navigation when browser closes `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:616 › launchServer › should properly disconnect when connection closes from the client side `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:1101 › launchServer only › should be able to reconnect to a browser 12 times without warnings `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:161 › launchServer › should be able to visit ipv6 `@chrome-beta-macos-latest`
⚠️ [chromium-library] › library/video.spec.ts:647 › screencast › should capture full viewport `@chromium-macos-26-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-macos-26-xlarge`
⚠️ [chromium-library] › library/beforeunload.spec.ts:130 › should support dismissing the dialog multiple times `@chrome-macos-latest`
⚠️ [chromium-library] › library/chromium/connect-over-cdp.spec.ts:639 › should skip default overrides with noDefaults `@chrome-macos-latest`
⚠️ [chromium-library] › library/inspector/cli-codegen-python.spec.ts:24 › should print the correct imports and context options `@chrome-macos-latest`
⚠️ [chromium-page] › page/elementhandle-misc.spec.ts:27 › should hover when Node is removed `@chromium-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-basic.spec.ts:163 › should propagate default viewport to the page `@firefox-macos-26-xlarge`
⚠️ [firefox-library] › library/page-close.spec.ts:152 › should not treat navigations as new popups `@firefox-headed-macos-15-xlarge`
⚠️ [firefox-library] › library/browsercontext-basic.spec.ts:36 › should be able to click across browser contexts `@firefox-headed-ubuntu-24.04`
⚠️ [firefox-page] › page/page-emulate-media.spec.ts:144 › should keep reduced motion and color emulation after reload `@firefox-headed-ubuntu-24.04`
⚠️ [firefox-page] › page/to-match-aria-snapshot.spec.ts:762 › should not match what is not matched `@tracing-firefox`
⚠️ [firefox-page] › page/page-leaks.spec.ts:85 › click should not leak `@firefox-beta-windows-latest`
⚠️ [firefox-library] › library/browsercontext-events.spec.ts:30 › console event should work with element handles `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-pages.spec.ts:46 › should click with disabled javascript `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/debugger.spec.ts:68 › should run to location `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/screencast.spec.ts:202 › empty video `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:1014 › should register custom elements `@firefox-headed-windows-latest`
⚠️ [firefox-page] › page/page-add-locator-handler.spec.ts:212 › should work when owner frame detaches `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/beforeunload.spec.ts:20 › should close browser with beforeunload page `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browser-server.spec.ts:28 › should start and stop pipe server `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browser.spec.ts:54 › should dispatch page.on(close) upon browser.close and reject evaluate `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-add-cookies.spec.ts:22 › should work @smoke `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-base-url.spec.ts:20 › should construct a new URL when a baseURL in browser.newContext is passed to page.goto @smoke `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-reuse.spec.ts:255 › reuse launch › should ignore binding from beforeunload `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-reuse.spec.ts:412 › reuse launch › should update viewport and media `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-reuse.spec.ts:117 › reuse connect › should reset serviceworker `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsercontext-storage-state.spec.ts:399 › should roundtrip local storage in third-party context `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsertype-launch-server.spec.ts:33 › launch server › should work with host `@firefox-macos-26-large`
⚠️ [firefox-library] › library/browsertype-launch.spec.ts:22 › should reject all promises when browser is closed `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-1.spec.ts:28 › context.cookies() should work @smoke `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-1.spec.ts:70 › context.clearCookies() should work `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:50 › should support forcedColors option `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:147 › should have default URL when launching browser `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:161 › should have passed URL when launching with ignoreDefaultArgs: true `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:245 › user agent is up to date `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:252 › dialog.accept should work `@firefox-macos-26-large`
⚠️ [firefox-library] › library/download.spec.ts:377 › download event › should delete downloads on browser gone `@firefox-macos-26-large`
⚠️ [firefox-library] › library/download.spec.ts:476 › download event › should throw if browser dies `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-1.spec.ts:817 › cli codegen › should attribute navigation to click `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-aria.spec.ts:21 › should generate aria snapshot `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-csharp.spec.ts:153 › should print load/save storageState `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-csharp.spec.ts:208 › should print context options method override in xunit if options were passed `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-java.spec.ts:24 › should print the correct imports and context options `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-javascript.spec.ts:84 › should save the codegen output to a file if specified `@firefox-macos-26-large`
⚠️ [firefox-library] › library/page-clock.spec.ts:427 › while running › should fastForwardTo `@firefox-macos-26-large`
⚠️ [firefox-library] › library/proxy.spec.ts:93 › should proxy local network requests › by default › localhost `@firefox-macos-26-large`
⚠️ [firefox-library] › library/proxy.spec.ts:252 › should bypass proxy for localhost when localhost is in bypass list `@firefox-macos-26-large`
⚠️ [firefox-library] › library/proxy.spec.ts:270 › should use socks proxy `@firefox-macos-26-large`
⚠️ [firefox-library] › library/proxy.spec.ts:280 › should use socks proxy in second page `@firefox-macos-26-large`
⚠️ [firefox-library] › library/role-utils.spec.ts:38 › wpt accname #2 `@firefox-macos-26-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:195 › should filter actions by text `@firefox-macos-26-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:209 › should open uncompressed trace directory `@firefox-macos-26-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:1630 › should show correct request start time `@firefox-macos-26-large`
⚠️ [firefox-page] › page/page-click.spec.ts:39 › should issue clicks in parallel in page and popup `@firefox-macos-26-large`
⚠️ [firefox-page] › page/page-evaluate.spec.ts:565 › should transfer 100Mb of data from page to node.js `@firefox-macos-26-large`
⚠️ [firefox-page] › page/page-filechooser.spec.ts:24 › should upload multiple large files `@firefox-macos-26-large`
⚠️ [firefox-page] › page/page-set-input-files.spec.ts:146 › should upload large file `@firefox-macos-26-large`
⚠️ [firefox-library] › library/global-fetch.spec.ts:381 › should not double stringify literal string undefined body when content-type is application/json `@firefox-beta-macos-latest`
⚠️ [firefox-page] › page/page-add-locator-handler.spec.ts:19 › should work `@firefox-beta-macos-latest`
⚠️ [firefox-page] › page/page-event-request.spec.ts:385 › should return last requests `@firefox-beta-macos-latest`
⚠️ [firefox-library] › library/global-fetch-cookie.spec.ts:91 › should do case-insensitive match of cookie domain `@firefox-macos-15-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-3.spec.ts:224 › cli codegen › should generate frame locators (4) `@firefox-macos-15-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:195 › should filter actions by text `@firefox-macos-15-large`
⚠️ [firefox-page] › page/retarget.spec.ts:142 › visible/hidden retargeting `@firefox-macos-15-large`
⚠️ [firefox-page] › page/selectors-frame.spec.ts:49 › should work for iframe @smoke `@firefox-macos-15-large`
⚠️ [firefox-page] › page/page-emulate-media.spec.ts:144 › should keep reduced motion and color emulation after reload `@firefox-macos-15-xlarge`
⚠️ [webkit-library] › library/selector-generator.spec.ts:404 › selector generator › should prioritize attributes correctly › placeholder `@webkit-macos-26-large`
⚠️ [webkit-library] › library/trace-viewer-scrub.spec.ts:125 › should have tick marks on scrubber `@webkit-macos-26-large`
⚠️ [webkit-library] › library/trace-viewer.spec.ts:195 › should filter actions by text `@webkit-macos-26-large`
⚠️ [webkit-library] › library/tracing.spec.ts:400 › should not stall on dialogs `@webkit-macos-26-large`
⚠️ [webkit-library] › library/video.spec.ts:113 › screencast › should capture static page `@webkit-macos-26-large`
⚠️ [webkit-page] › page/wheel.spec.ts:51 › should dispatch wheel events @smoke `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsertype-connect.spec.ts:535 › launchServer › should name video file after page guid when connecting to remote browser with artifactsDir `@webkit-headed-ubuntu-24.04`
⚠️ [webkit-library] › library/inspector/cli-codegen-java.spec.ts:78 › should print load/save storage_state `@webkit-headed-ubuntu-24.04`
⚠️ [webkit-library] › library/inspector/cli-codegen-csharp.spec.ts:231 › should work with --save-har and --save-har-glob in xunit `@webkit-headed-windows-latest`
⚠️ [webkit-page] › page/wheel.spec.ts:154 › should scroll horizontally `@webkit-headed-macos-15-xlarge`
⚠️ [webkit-library] › library/har.spec.ts:165 › should include form params `@webkit-headed-ubuntu-22.04`
⚠️ [webkit-library] › library/trace-viewer.spec.ts:392 › should truncate long return values with ellipsis but copy full value `@webkit-headed-ubuntu-22.04`
⚠️ [webkit-page] › page/page-mouse.spec.ts:174 › should report correct pointerType property `@webkit-headed-ubuntu-22.04`
⚠️ [webkit-page] › page/page-request-fallback.spec.ts:221 › post data › should amend post data `@webkit-macos-15-xlarge`

270302 passed, 11348 skipped, 3187 did not run

Merge workflow run.

github-actions · 2026-05-07T03:54:14Z

Test results for "tests 2"

9 fatal errors, not part of any test
14 failed
❌ [chromium-library] › library/trace-viewer.spec.ts:195 › should filter actions by text @chromium-macos-26-large
❌ [firefox-library] › library/screencast.spec.ts:28 › screencast.start delivers frames via onFrame callback @firefox-headed-macos-15-xlarge
❌ [firefox-page] › page/page-emulate-media.spec.ts:196 › should report hover and fine pointer for desktop @firefox-beta-ubuntu-22.04
❌ [firefox-library] › library/page-clock.spec.ts:537 › AbortSignal.timeout @tracing-firefox
❌ [firefox-library] › library/capabilities.spec.ts:105 › should support webgl @smoke @firefox-beta-windows-latest
❌ [firefox-page] › page/page-screenshot.spec.ts:321 › page screenshot › should work for webgl @firefox-beta-windows-latest
❌ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:113 › should restore state from userDataDir @firefox-macos-26-large
❌ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:140 › should create userDataDir if it does not exist @firefox-macos-26-large
❌ [firefox-page] › page/expect-timeout.spec.ts:114 › should not miss element that appears between retries before the deadline @firefox-macos-26-large
❌ [firefox-library] › library/capabilities.spec.ts:105 › should support webgl @smoke @firefox-beta-macos-latest
❌ [firefox-library] › library/capabilities.spec.ts:113 › should support webgl 2 @smoke @firefox-beta-macos-latest
❌ [firefox-page] › page/page-screenshot.spec.ts:321 › page screenshot › should work for webgl @firefox-beta-macos-latest
❌ [webkit-library] › library/trace-viewer.spec.ts:195 › should filter actions by text @webkit-macos-26-large
❌ [webkit-library] › library/trace-viewer.spec.ts:195 › should filter actions by text @webkit-macos-15-large

86 flaky

⚠️ [chromium-library] › library/browsercontext-basic.spec.ts:72 › should be able to hover across browser contexts in parallel `@chromium-headed-ubuntu-24.04`
⚠️ [chromium-library] › library/screencast.spec.ts:214 › start dispose stops recording `@chromium-headed-ubuntu-24.04`
⚠️ [chromium-library] › library/trace-viewer.spec.ts:1153 › should show action source `@chromium-headed-ubuntu-24.04`
⚠️ [chromium-page] › page/page-mouse.spec.ts:200 › should select the text with mouse `@chromium-headed-ubuntu-24.04`
⚠️ [chromium-library] › library/downloads-path.spec.ts:32 › downloads path › should keep downloadsPath folder `@msedge-dev-windows-latest`
⚠️ [chromium-page] › page/page-event-console.spec.ts:255 › should have timestamp in consoleMessages `@msedge-dev-windows-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:173 › launchServer › should ignore page.pause when headed `@chromium-macos-26-large`
⚠️ [chromium-library] › library/video.spec.ts:371 › screencast › should scale frames down to the requested size `@chromium-macos-26-large`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:173 › launchServer › should ignore page.pause when headed `@chromium-tip-of-tree-macos-15--headed`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:358 › launchServer › should reject navigation when browser closes `@chromium-tip-of-tree-macos-15--headed`
⚠️ [chromium-library] › library/video.spec.ts:719 › screencast › should work with video+trace `@chromium-tip-of-tree-windows-latest`
⚠️ [chromium-library] › library/video.spec.ts:337 › screencast › should work for popups `@chrome-ubuntu-22.04`
⚠️ [chromium-library] › library/beforeunload.spec.ts:130 › should support dismissing the dialog multiple times `@chromium-ubuntu-24.04`
⚠️ [chromium-library] › library/trace-viewer.spec.ts:1481 › should highlight locator in iframe while typing `@channel-chromium-macos-latest`
⚠️ [chromium-library] › library/video.spec.ts:682 › screencast › should capture full viewport on hidpi `@chromium-windows-latest`
⚠️ [chromium-library] › library/chromium/oopif.spec.ts:152 › should take screenshot `@chromium-macos-14-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:647 › screencast › should capture full viewport `@chromium-macos-15-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:275 › screencast › should capture navigation `@chromium-tip-of-tree-headless-shell-ubuntu-22.04`
⚠️ [chromium-library] › library/chromium/connect-over-cdp.spec.ts:639 › should skip default overrides with noDefaults `@msedge-beta-macos-latest`
⚠️ [chromium-page] › page/workers.spec.ts:63 › should have timestamp on worker console messages `@chrome-windows-latest`
⚠️ [chromium-library] › library/browsercontext-user-agent.spec.ts:110 › should work for navigator.userAgentData and sec-ch-ua headers `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:141 › launchServer › should be able to reconnect to a browser `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:200 › launchServer › should be able to connect two browsers at the same time `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/browsertype-connect.spec.ts:415 › launchServer › should reject waitForEvent before browser.close finishes `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/chromium/connect-over-cdp.spec.ts:639 › should skip default overrides with noDefaults `@msedge-dev-macos-latest`
⚠️ [chromium-library] › library/beforeunload.spec.ts:130 › should support dismissing the dialog multiple times `@chrome-beta-macos-latest`
⚠️ [chromium-library] › library/video.spec.ts:682 › screencast › should capture full viewport on hidpi `@chromium-macos-26-xlarge`
⚠️ [chromium-library] › library/video.spec.ts:275 › screencast › should capture navigation `@chromium-tip-of-tree-ubuntu-22.04--headed`
⚠️ [chromium-page] › page/locator-frame.spec.ts:272 › should work with COEP/COOP/CORP isolated iframe `@chrome-macos-latest`
⚠️ [chromium-library] › library/popup.spec.ts:261 › should not throw when click closes popup `@driver`
⚠️ [chromium-library] › library/browsercontext-reuse.spec.ts:361 › reuse launch › should work with routeWebSocket `@chromium-headed-windows-latest`
⚠️ [chromium-library] › library/video.spec.ts:337 › screencast › should work for popups `@chromium-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-viewport.spec.ts:25 › should get the proper default viewport size `@firefox-macos-26-xlarge`
⚠️ [firefox-library] › library/page-close.spec.ts:152 › should not treat navigations as new popups `@firefox-headed-macos-15-xlarge`
⚠️ [firefox-library] › library/screencast.spec.ts:55 › onFrame receives viewport size `@firefox-headed-macos-15-xlarge`
⚠️ [firefox-page] › page/page-request-gc.spec.ts:19 › should work `@firefox-beta-windows-latest`
⚠️ [firefox-library] › library/browsercontext-basic.spec.ts:411 › should emulate media in cross-process iframe `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-storage-state.spec.ts:415 › should support IndexedDB `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-viewport.spec.ts:29 › should set the proper viewport size `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/browsercontext-viewport.spec.ts:79 › should emulate device height `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/debugger.spec.ts:68 › should run to location `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/screencast.spec.ts:78 › start throws if screencast is already started `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:2177 › should survive service worker restart `@firefox-headed-windows-latest`
⚠️ [firefox-page] › page/page-click-scroll.spec.ts:41 › should scroll into view display:contents `@firefox-headed-windows-latest`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:183 › should handle exception `@firefox-macos-26-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:190 › should fire close event for a persistent context `@firefox-macos-26-large`
⚠️ [firefox-library] › library/hit-target.spec.ts:259 › should not click an element overlaying iframe with the target `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-aria.spec.ts:21 › should generate aria snapshot `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-csharp.spec.ts:202 › should not print context options method override in nunit if no options were passed `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-csharp.spec.ts:202 › should not print context options method override in mstest if no options were passed `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-csharp.spec.ts:208 › should print context options method override in mstest if options were passed `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-javascript.spec.ts:84 › should save the codegen output to a file if specified `@firefox-macos-26-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-python.spec.ts:76 › should save the codegen output to a file if specified `@firefox-macos-26-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:195 › should filter actions by text `@firefox-macos-26-large`
⚠️ [firefox-library] › library/tracing.spec.ts:432 › should produce screencast frames fit `@firefox-macos-26-large`
⚠️ [firefox-page] › page/expect-boolean.spec.ts:355 › toBeVisible › fail `@firefox-macos-26-large`
⚠️ [firefox-page] › page/expect-boolean.spec.ts:362 › toBeVisible › fail with not `@firefox-macos-26-large`
⚠️ [firefox-page] › page/expect-misc.spec.ts:48 › toHaveCount › eventually pass non-zero `@firefox-macos-26-large`
⚠️ [firefox-page] › page/expect-misc.spec.ts:375 › toHaveURL › fail with positive predicate `@firefox-macos-26-large`
⚠️ [firefox-page] › page/expect-to-have-text.spec.ts:171 › toHaveText with text › do not show "element(s) not found" when the real failure is a string mismatch `@firefox-macos-26-large`
⚠️ [firefox-page] › page/page-goto.spec.ts:534 › should succeed on url bar navigation when there is pending navigation `@firefox-beta-macos-latest`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:140 › should create userDataDir if it does not exist `@firefox-macos-15-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:161 › should have passed URL when launching with ignoreDefaultArgs: true `@firefox-macos-15-large`
⚠️ [firefox-library] › library/defaultbrowsercontext-2.spec.ts:245 › user agent is up to date `@firefox-macos-15-large`
⚠️ [firefox-library] › library/inspector/cli-codegen-aria.spec.ts:74 › should inspect aria snapshot `@firefox-macos-15-large`
⚠️ [firefox-library] › library/trace-viewer.spec.ts:195 › should filter actions by text `@firefox-macos-15-large`
⚠️ [firefox-page] › page/page-event-request.spec.ts:182 › should return response body when Cross-Origin-Opener-Policy is set `@firefox-macos-15-large`
⚠️ [webkit-library] › library/browsercontext-cookies-third-party.spec.ts:419 › same origin third party 'Partitioned;' cookie with different origin intermediate iframe `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsercontext-events.spec.ts:238 › frameattached event should work @smoke `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsercontext-fetch.spec.ts:385 › should remove cookie with expires far in the past `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsercontext-har.spec.ts:87 › should only context.routeFromHAR requests matching url filter `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsercontext-locale.spec.ts:103 › should work for multiple pages sharing same process `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsercontext-network-event.spec.ts:90 › should fire events in proper order `@webkit-macos-26-large`
⚠️ [webkit-library] › library/browsertype-connect.spec.ts:814 › run-server › setInputFiles should preserve lastModified timestamp `@webkit-macos-26-large`
⚠️ [webkit-library] › library/trace-viewer.spec.ts:447 › should filter network requests by resource type `@webkit-macos-26-large`
⚠️ [webkit-library] › library/tracing.spec.ts:432 › should produce screencast frames scale `@webkit-macos-26-large`
⚠️ [webkit-library] › library/video.spec.ts:621 › screencast › should not create video for internal pages `@webkit-macos-26-large`
⚠️ [webkit-page] › page/elementhandle-wait-for-element-state.spec.ts:115 › should wait for stable position `@webkit-macos-26-large`
⚠️ [webkit-page] › page/eval-on-selector.spec.ts:74 › should auto-detect css selector with attributes `@webkit-macos-26-large`
⚠️ [webkit-page] › page/expect-boolean.spec.ts:67 › toBeChecked › with not `@webkit-macos-26-large`
⚠️ [webkit-page] › page/page-request-continue.spec.ts:182 › post data › should amend post data `@webkit-macos-26-large`
⚠️ [webkit-library] › library/inspector/cli-codegen-python-async.spec.ts:107 › should print load/save storage_state `@webkit-headed-ubuntu-22.04`
⚠️ [webkit-page] › page/page-set-input-files.spec.ts:297 › should detect mime type `@tracing-webkit`
⚠️ [webkit-library] › library/downloads-path.spec.ts:32 › downloads path › should keep downloadsPath folder `@webkit-windows-latest`
⚠️ [webkit-library] › library/browsertype-connect.spec.ts:776 › launchServer › should upload a folder `@webkit-ubuntu-24.04`
⚠️ [webkit-library] › library/tracing.spec.ts:432 › should produce screencast frames scale `@webkit-macos-15-large`

265751 passed, 11095 skipped, 3420 did not run

Merge workflow run.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 7, 2026

This comment has been minimized.

Sign in to view

pavelfeldman approved these changes May 7, 2026

View reviewed changes

pavelfeldman merged commit ead11df into main May 7, 2026
298 of 347 checks passed

pavelfeldman deleted the dependabot/npm_and_yarn/hono-4.12.18 branch May 7, 2026 19:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump hono from 4.12.14 to 4.12.18#40686

chore(deps-dev): bump hono from 4.12.14 to 4.12.18#40686
pavelfeldman merged 1 commit intomainfrom
dependabot/npm_and_yarn/hono-4.12.18

dependabot Bot commented on behalf of github May 7, 2026

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

github-actions Bot commented May 7, 2026

Uh oh!

This comment has been minimized.

This comment has been minimized.

github-actions Bot commented May 7, 2026

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 7, 2026

v4.12.18

Security fixes

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

CSS Declaration Injection via Style Object Values in JSX SSR

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

v4.12.17

What's Changed

New Contributors

v4.12.16

Security fixes

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

bodyLimit() can be bypassed for chunked / unknown-length requests

v4.12.15

What's Changed

Uh oh!

github-actions Bot commented May 7, 2026

Test results for "MCP"

Uh oh!

github-actions Bot commented May 7, 2026

Test results for "tests 1"

Uh oh!

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

github-actions Bot commented May 7, 2026

Test results for "tests others"

Uh oh!

This comment has been minimized.

This comment has been minimized.

github-actions Bot commented May 7, 2026

Test results for "tests 2"

Uh oh!

github-actions Bot commented May 7, 2026

Test results for "tests 2"

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant