Skip to content

Upgrade dependencies (2026-05-31)#171

Merged
pokle merged 1 commit into
masterfrom
claude/fervent-ptolemy-kTEA9
May 31, 2026
Merged

Upgrade dependencies (2026-05-31)#171
pokle merged 1 commit into
masterfrom
claude/fervent-ptolemy-kTEA9

Conversation

@pokle
Copy link
Copy Markdown
Owner

@pokle pokle commented May 31, 2026

Summary

  • better-auth 1.6.11→1.6.13: Fixes high-severity SAML XML injection and 2FA session cookie leak. Also fixes migration field index ordering, cookie refresh forwarding, OAuth state validation, org invitation routing.
  • hono 4.12.22→4.12.23: serve-static backslash normalization fix, IP address single-zero-group compression fix.
  • wrangler 4.94.0→4.95.0: Rejects remote: false on remote-only binding types, preserves --compatibility-flags during deploy config flow, Cloudflare Access detection for remote bindings. Workerd bumped to 1.20260526.1.
  • agents 0.13.2→0.13.3: Session auto-compaction enhancements, chat recovery for pre-stream interruptions, facet startup deadlock fix. Pinned exact (pre-1.0).
  • @cloudflare/vitest-pool-workers 0.16.9→0.16.10: Aligned with wrangler 4.95.0.
  • @cloudflare/workers-types 4.20260524.1→4.20260531.1: Weekly type definition update.

No code changes required — all upgrades are drop-in.

Verification

  • bun run typecheck:all — 6/6 workspace typechecks pass
  • bun run test:all — 412 engine + 52 auth-api + 251 competition-api + 21 mcp-api pass
  • bun run test:e2e — 5/6 pass (1 flaky timing failure that rotates between specs, pre-existing)
  • bun audit — 0 vulnerabilities

Log entry

See docs/dependency-review-log.md § 2026-05-31 for full details including packages intentionally not upgraded.

https://claude.ai/code/session_01TgSEUkXqD2Fu6euXvW4PNK

Generated by Claude Code

@claude
Upgrade dependencies (2026-05-31): better-auth SAML/2FA security fixe…
c8930b9 
…s, wrangler 4.95.0

- better-auth 1.6.11→1.6.13: SAML XML injection fix, 2FA session cookie leak
- hono 4.12.22→4.12.23: serve-static backslash fix, IP address normalization
- wrangler 4.94.0→4.95.0: remote binding validation, compat flags preservation
- agents 0.13.2→0.13.3: session auto-compaction, chat recovery, deadlock fix
- @cloudflare/vitest-pool-workers 0.16.9→0.16.10: aligned with wrangler 4.95.0
- @cloudflare/workers-types 4.20260524.1→4.20260531.1: weekly type update

See docs/dependency-review-log.md entry for 2026-05-31.

https://claude.ai/code/session_01TgSEUkXqD2Fu6euXvW4PNK
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 31, 2026

Preview Deployment
https://e6bf1a5a.glidecomp.pages.dev
Commit: c8930b9

@pokle pokle marked this pull request as ready for review May 31, 2026 22:32
@pokle pokle merged commit fde480c into master May 31, 2026
8 checks passed
@pokle pokle deleted the claude/fervent-ptolemy-kTEA9 branch May 31, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pokle @claude