From 94af32ccf204438335f3f43f2487001901cf6c0f Mon Sep 17 00:00:00 2001
From: Brendan Kellam <10233483+brendan-kellam@users.noreply.github.com>
Date: Wed, 17 Jun 2026 22:20:23 +0000
Subject: [PATCH 1/2] chore: upgrade hono to ^4.12.25 to address CVE-2026-54287

Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1346/sourcebot-devsourcebot-cve-2026-54287-hono-aws-lambda-adapter-merges#agent-session-5e4bdee9)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 1bcb373a0..bd4e867d7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15370,9 +15370,9 @@ __metadata:
   linkType: hard
 
 "hono@npm:^4.11.4":
-  version: 4.12.24
-  resolution: "hono@npm:4.12.24"
-  checksum: 10c0/1a1394e48618c34b0ea627d7de7e5d59f1d90aedcd518f9d19b987260bbf16c362043e417bbb64290110c3cd54ef51017f7786438a0c2d811af01566d6ca3e94
+  version: 4.12.25
+  resolution: "hono@npm:4.12.25"
+  checksum: 10c0/9216d647fe2f39b17855b0e74913688b837e3fa9519d367c7beeec399265b36608a820928cc33ab926eee58fe2daf7e33296235b52e56dbfac0fbcd51a5e818e
   languageName: node
   linkType: hard
 

From 73fd644a6f64c436972d0e0ca01cc7aa99a6f7de Mon Sep 17 00:00:00 2001
From: Brendan Kellam <10233483+brendan-kellam@users.noreply.github.com>
Date: Wed, 17 Jun 2026 22:20:48 +0000
Subject: [PATCH 2/2] docs: add CHANGELOG entry for hono upgrade

Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1346/sourcebot-devsourcebot-cve-2026-54287-hono-aws-lambda-adapter-merges#agent-session-5e4bdee9)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58272a7e9..8d04bc369 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Upgraded `@grpc/grpc-js` to `^1.14.4`. [#1315](https://github.com/sourcebot-dev/sourcebot/pull/1315)
 - Upgraded `vite` to `^8.0.16`. [#1313](https://github.com/sourcebot-dev/sourcebot/pull/1313)
+- Upgraded `hono` to `^4.12.25`. [#1322](https://github.com/sourcebot-dev/sourcebot/pull/1322)
 
 ## [5.0.3] - 2026-06-17