From 0e980fe8ce0fde853d5df44b9609c2d13681ed8e Mon Sep 17 00:00:00 2001
From: Toby Hede <toby@cipherstash.com>
Date: Tue, 17 Feb 2026 14:19:42 +1100
Subject: [PATCH] fix(deps): remediate medium vulnerabilities

Update lodash and hono for medium severity vulnerabilities.
---
 examples/hono-supabase/package.json |  2 +-
 package.json                        |  3 ++-
 pnpm-lock.yaml                      | 15 ++++++++-------
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/examples/hono-supabase/package.json b/examples/hono-supabase/package.json
index 1c4f3166..079343c7 100644
--- a/examples/hono-supabase/package.json
+++ b/examples/hono-supabase/package.json
@@ -10,7 +10,7 @@
     "@hono/node-server": "^1.13.7",
     "@supabase/supabase-js": "^2.47.10",
     "dotenv": "^16.4.7",
-    "hono": "^4.11.4"
+    "hono": "^4.11.9"
   },
   "devDependencies": {
     "@types/node": "^20.11.17",
diff --git a/package.json b/package.json
index 20258f73..2436f329 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,8 @@
       "js-yaml": "3.14.2",
       "test-exclude": "^7.0.1",
       "glob": ">=11.1.0",
-      "qs": ">=6.14.1"
+      "qs": ">=6.14.1",
+      "lodash": ">=4.17.23"
     },
     "peerDependencyRules": {
       "ignoreMissing": [
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 446beba0..08a3a89d 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -36,6 +36,7 @@ overrides:
   test-exclude: ^7.0.1
   glob: '>=11.1.0'
   qs: '>=6.14.1'
+  lodash: '>=4.17.23'
 
 importers:
 
@@ -162,7 +163,7 @@ importers:
         specifier: ^16.4.7
         version: 16.6.1
       hono:
-        specifier: ^4.11.4
+        specifier: ^4.11.9
         version: 4.11.9
     devDependencies:
       '@types/node':
@@ -5040,8 +5041,8 @@ packages:
   lodash.startcase@4.4.0:
     resolution: {integrity: sha512-+WKqsK294HMSc2jEbNgpHpd0JfIBhp7rEV4aqXWqFr6AlXov+SlcgB1Fv01y2kGe3Gc8nMW7VA0SrGuSkRfIEg==}
 
-  lodash@4.17.21:
-    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
+  lodash@4.17.23:
+    resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}
 
   log-symbols@4.1.0:
     resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==}
@@ -8381,7 +8382,7 @@ snapshots:
       '@nestjs/common': 11.1.9(reflect-metadata@0.2.2)(rxjs@7.8.2)
       dotenv: 16.4.5
       dotenv-expand: 10.0.0
-      lodash: 4.17.21
+      lodash: 4.17.23
       rxjs: 7.8.2
 
   '@nestjs/core@11.1.9(@nestjs/common@11.1.9(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.9)(reflect-metadata@0.2.2)(rxjs@7.8.2)':
@@ -11336,7 +11337,7 @@ snapshots:
       '@types/lodash': 4.17.21
       is-glob: 4.0.3
       js-yaml: 3.14.2
-      lodash: 4.17.21
+      lodash: 4.17.23
       minimist: 1.2.8
       prettier: 3.7.4
       tinyglobby: 0.2.15
@@ -11447,7 +11448,7 @@ snapshots:
 
   lodash.startcase@4.4.0: {}
 
-  lodash@4.17.21: {}
+  lodash@4.17.23: {}
 
   log-symbols@4.1.0:
     dependencies:
@@ -11626,7 +11627,7 @@ snapshots:
 
   node-emoji@1.11.0:
     dependencies:
-      lodash: 4.17.21
+      lodash: 4.17.23
 
   node-int64@0.4.0: {}