Skip to content

Build(deps): Bump h3 from 1.15.4 to 1.15.11#42262

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/h3-1.15.11
Closed

Build(deps): Bump h3 from 1.15.4 to 1.15.11#42262
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/h3-1.15.11

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps h3 from 1.15.4 to 1.15.11.

Release notes

Sourced from h3's releases.

v1.15.11

compare changes

🏡 Chore

v1.15.10

compare changes

🩹 Fixes

  • Preserve percent-encoded req.url in app event handler (#1355)

❤️ Contributors

v1.15.9

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)
  • static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
  • sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)

v1.15.7

compare changes

🩹 Fixes

  • static: Narrow path traversal check to match .. as a path segment only (c049dc0)
  • app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

  • Remove implicit event handler conversion warning (#1340)

❤️ Contributors

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.11

compare changes

🏡 Chore

❤️ Contributors

v1.15.10

compare changes

🩹 Fixes

  • Preserve percent-encoded req.url in app event handler (#1355)

🏡 Chore

❤️ Contributors

v1.15.9

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)
  • static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
  • sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

🏡 Chore

❤️ Contributors

... (truncated)

Commits

@dependabot dependabot Bot mentioned this pull request Apr 1, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/h3-1.15.11 branch from 471b634 to 0a36db8 Compare April 7, 2026 09:03
@dependabot
Build(deps): Bump h3 from 1.15.4 to 1.15.11
64af358 
Bumps [h3](https://github.com/h3js/h3) from 1.15.4 to 1.15.11.
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md)
- [Commits](h3js/h3@v1.15.4...v1.15.11)

---
updated-dependencies:
- dependency-name: h3
  dependency-version: 1.15.11
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/h3-1.15.11 branch from 0a36db8 to 64af358 Compare April 14, 2026 09:02
@julien-deramond
Copy link
Copy Markdown
Member

julien-deramond commented Apr 15, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 15, 2026

Looks like h3 is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 15, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/h3-1.15.11 branch April 15, 2026 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies on-hold v5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@julien-deramond